Networking will focus on considerations, xinetd, and then inetd.

Considerations

This document assumes a few things. First, it assumes that your server can be reached from the outside internet. SysOps should be familiar with how to port forward from a router or an access point to their internal box. This document also assumes that SysOps know how to set up effective incoming firewalls, but to touch on a few good ideas in summary:

  1. Your router or switch should only forward the ports necessary for the BBS and any other services you're intentionally running.
  2. For the BBS only: Forward port 21, 22, and 23 to your BBS's internal IP address.
  3. If you use non-standard ports...you probably already have the knowledge to do all of this yourself :)
  4. For HTTP/HTTPS services external to DayDream, open up 80 and 443 as well.
  5. Never, ever, under any circumstances, open up a DMZ. You may as well invite hackers over to your house and just give them the keys.
  6. Set up good iptables rules. A good set of tools on Linux nowadays is gufw.
  7. You'll want to duplicate whatever you've set up at your router on your own internal iptables. It's tougher to compromise redundant systems.
  8. You'll probably want to lock down the bbs and zipcheck users from being able to make outgoing connections.
  9. If you allow SSH connections, shut off SFTP!

Create this file first:

Create a file called rundd in your base DayDream directory. We will assume that all standard /home/bbs configurations have been made. If you have something non-standard...figure it out. :)

First, if you're using a script to set ownership, make the /home/bbs/rundd file look like this:

#!/bin/bash
/home/bbs/ownbbs.sh
/home/bbs/bin/ddtelnetd -ubbs

If you aren't going to bother with the ownership script, just put this in there:

#!/bin/bash
/home/bbs/bin/ddtelnetd -ubbs

Of course, after making the script, make it executable:

chmod +x /home/bbs/rundd

xinetd setup

We're going to assume you want to use TELNET (by way of ddtelnetd), SSH, and FTP (by way of ddftpd) on standard ports. If this deviates from your system, adjust accordingly.

Make sure you have an SSH daemon set up on your distribution. There are countless ways to do this; search for the easiest way for your distro and make sure you can 'ssh localhost' before moving on.

Make sure you have the following lines uncommented and set appropriately in /etc/services:

ftp     21/tcp
telnet  23/tcp

Now, change directories into /etc/xinetd.d/

Check and see if you have anything dedicated to the services 'ftp' or 'telnet' in there. If so, get rid of them.

As root, create the file /etc/xinetd.d/telnet and make it look like this:

service telnet
{
    socket_type      = stream
    protocol         = tcp
    wait             = no
    user             = root
    server           = /home/bbs/rundd
    flags            = REUSE NODELAY KEEPALIVE
    log_on_failure  += USERID
}

For the ftp server, ddftpd, create the file (as root) /etc/xinetd.d/ftp and make it look like this:

service ftp
{
    socket_type      = stream
    protocol         = tcp
    wait             = no
    user             = root
    server           = /home/bbs/bin/ddftpd
    server_args      = -D/home/bbs -p/home/bbs/bin/daydream
    log_on_success  += DURATION
    nice             = 10
    disable          = no
    env              = DAYDREAM=/home/bbs
}
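A check worth running once the two service files above are in place, added here as an example and not part of DayDream: xinetd starts each `server` as root, so this script lists any `server` target, or the directory holding it, that is missing, not owned by root, or writable by group or other. The function names are made up for this example, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not DayDream's own tooling.
# Usage: audit_xinetd_dir [CONF_DIR] [EXPECTED_OWNER]
# Defaults (/etc/xinetd.d, root) match the setup described above.

# Print a finding if $1 is missing, not owned by $2, or writable by
# group or other.
check_path() (
    [ -e "$1" ] || { echo "MISSING $1"; exit 0; }
    owner=$(stat -c %U "$1")   # GNU stat: owner name
    mode=$(stat -c %a "$1")    # GNU stat: octal mode, e.g. 755
    [ "$owner" = "$2" ] || echo "OWNER $1 is owned by $owner, expected $2"
    # The last two octal digits are group and other; 2, 3, 6 and 7
    # all include the write bit.
    case $mode in
        *[2367]?|*[2367]) echo "WRITABLE $1 has mode $mode" ;;
    esac
)

# Check every "server = /path" target in CONF_DIR plus its directory:
# whoever can write the directory can swap the file out.
# Prints findings and returns 1 if there are any, otherwise returns 0.
audit_xinetd_dir() (
    dir=${1:-/etc/xinetd.d}
    owner=${2:-root}
    findings=$(
        for conf in "$dir"/*; do
            [ -f "$conf" ] || continue
            # Field 1 must be exactly "server", so server_args is skipped.
            awk -F= '$1 ~ /^[ \t]*server[ \t]*$/ {
                         gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2 }' "$conf" |
            while IFS= read -r server; do
                check_path "$server" "$owner"
                check_path "$(dirname "$server")" "$owner"
            done
        done | sort -u
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)
```

`check_path /home/bbs/ownbbs.sh root` applies the same test to the ownership script that rundd calls, which the xinetd files themselves do not mention.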

inetd setup

I have no way to test this. I have nothing using inetd, so this is all hypothetical. I believe it's as simple as making sure these two lines live in your /etc/inetd.conf

telnet stream tcp nowait root /usr/sbin/tcpd /home/bbs/rundd
ftp stream tcp nowait root /usr/sbin/tcpd /home/bbs/scripts/runftp.sh

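And finally, you'll need to create the script /home/bbs/scripts/runftp.sh and make it look like this:

#!/bin/bash
# Load the DayDream environment before starting the FTP daemon.
. /home/bbs/scripts/ddenv.sh
# inetd.conf repeats the program name as argv[0]; in a shell script the
# name appears only once, followed by the same arguments the xinetd entry uses.
/home/bbs/bin/ddftpd -D/home/bbs -p/home/bbs/bin/daydream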

And of course, after creating this file, chmod +x /home/bbs/scripts/runftp.sh

Done!