Home : Linux :


Shorewall and VOIP

I have fixed public IP address and a Grandstream Budge Tone-200 SIP phone behind my Shorewall firewall. For the firewall I DNAT'd udp port 5060 (default SIP port) in the rules file

      DNAT      net      loc:      udp      5060

In the phones Basic Settings I used static LAN addresses. In Advanced Settings I set Use NAT IP to the public address

      Use NAT IP      (if specified, this will be used in SIP/SDP message)

Its my understanding that 5060 allows the connection to be setup and that the firewall takes care of the rest. The NAT IP setting puts the public address in the SIP message headers so that the other end knows where they came from.

...While the above works fine, the following is an interesting option that was prompted by ipcomms.net which offers a free IP to IP DID (IP to IP DNAT - all udp ports)

      DNAT    net:    loc:      udp

...I'm now using the following. Specifying VIOP provider IP address(es/ranges, comma separated) in "net" is one way to stop folks that are fishing for asterisk systems they can hack. What prompted this for me was two long (I don't know how long, I set DND and checked back one in a while) rapid-fire series of single ring calls to my phone. I forgot about the above (forward all udp requests from specified addresses), but this is working with voip.ms so I'm leaving it alone... CallCentric is a bit tougher (range), but seems to be OK.

      DNAT      net:,      loc:      udp      5060,5061
[ comment | link | top ]

Dovecot IMAP/POP Server

Setting up SquirrelMail on a new server, wanting to move ~/Mail to ~/Documents/Mail (I hate clutter in my home directory and there's no reason for mail to be in ~/ on my server), wanting a daemon (VS UW IMAP and otherwise unneeded xinetd) and seeing Dovecot in Webmin led me to try it. I ended up in the /etc/dovecot.conf partly because the Webmin module in Mandriva 2008 uses an outdated variable (default_mail_env is now mail_location).

To get the folder location I wanted I enabled mail_location:

      mail_location = mbox:~/Documents/Mail:INBOX=/var/mail/%u

Since my inbox is owned by user:[user] group:mail, I had to enable the mail_extra_groups (Thx to Ow Mun Heng)

      mail_extra_groups = mail

Newer versions may suggest (... now demand) something like mail_privileged_group = mail due to a potential security issue (ref).

See also: The mbox configuration and BasicConfiguration pages on the Dovecot Wiki (which covers a lot of other features, e.g. virtual users)

Feb '09: The current PCLOS package has outdated .conf and pam config. I ended up using my Madriva config with paths adjusted to suit the PCLOS install. I also had to edit /etc/pam.d/dovecot so that login would work. I used the example on the QuickConfiguration page.
[ comment | link | top ]

1440x900 resolution

Nov '07: Current distros properly detect/setup LCD monitors with a 1440x900 native resolution.
Dec '14: A step back because current Trinity based distros don't.
$ cvt 1440 900
return includes: Modeline "1440x900_60.00" 106.50...
$ xrandr --newmode "1440x900_60.00" 106.50...
adds new mode option labeled "1440x900_60.00"
$ xrandr --current
return includes output label, e.g. VGA-0, VGA1, etc.
$ xrandr --addmode VGA-0 "1440x900_60.00"
adds new mode option for VGA-0
xrandr --output VGA-0 --mode 1440x900_60.00
applies new mode to VGA-0

When I got a 19" wide-screen monitor I had to do the following in Mandrake 10.1.
Section "Monitor"
    # Added 1440x900 @ 60.00 Hz (GTF) hsync: 55.92 kHz; pclk: 106.47 MHz
    Modeline "1440x900" 106.47 1440 1520 1672 1904 900 901 904 932 -HSync +Vsync
Section "Screen"
    Replaced 'Virtual 1400 1050' with 'Modes "1440x900"'
Aug '06: Mandriva 2006 still doesn't have the AL1916W monitor on the list but there is a generic 1440x900 flat panel option (Nov '06: all is well in 2007). For setting the resolution you have to choose 'other' at the bottom of the list before you will be able to select 1440x900. I did it from 'Configure Your Computer' after install (I didn't notice any options when using the Mandriva One disk to install 2006).
Suse 10.1 auto-detects the monitor but not the native resolution. You can change the resolution to 1440x900 during the hardware setup (install).

simple modeline generator... Xorg core includes cvt and gtf, $cvt [width] [height] does the trick
[ comment | link | top ]

CD/DVD drive speed

Drives can be distractingly noisy when playing videos. For my external USB DVD/CD ROM 4x works good. As root I do:

   # hdparm -E 4 /dev/sr0

Options per mplayer docs:

   # hdparm -E [speed] [device]
   # setcd -x [speed] [cdrom device]
   # cdctl -bS [speed]
[ comment | link | top ]

Change file ownership and permissions

Using the command line interface (typically as su/root).

Changing ownership:

   chown [user]:[group] [file or directory]
   chown :[group] [file or directory]
   chown [user] [file or directory]

Changing permissions:

Chmod [user, group, others, all (u,g,o)] [= sets permissions, +/- adds or subtracts permissions] [read, write, execute/enter]. Multiple changes can be strung together with comas

   chmod [u,g,o,a][=,+,-][r,w,x] [file or directory]

   chmod u=rwx,go=r [file or directory]

sets group and others permissions to read only and user permissions to read/write/execute.

   chmod ug+x,o-w [file or directory]

removes others write permissions and adds user and group execute permissions.

Using octal numbers to set permissions, 4 = r, 2 = w and 1 = x. Adding the desired permissions means 7 = r/w/x, 6 = r/w, 5 = r/x, 4 = r.

   chmod 764 [file or directory] (user r/w/x group r/w others r, rwxrw-r--)
   chmod 754 [file or directory] (user r/w/x group r/x others r, rwxr-xr--)
   chmod 644 [file or directory] (user r/w group r others r, rw-r--r--)

chmod -R ... will set/apply changes recursively.

Umask is the permissions you _don't_ want subtracted from full permissions (777 directories and 666 files). A 0 umask = full permissions. An 022 umask would be 777 - 022 = 755 (rwxr-xr-x) directories and 666 - 022 = 644 (rw-r--r--) files. An 066 umask is not as straight forward: 700 (rwx------) / 600 (rw-------) , 7-7 and 7-(4+2+1) / 6-6 and 6-(4+2)... that last bit makes no sense now, but I did find a handy reference (ref).

UmaskCreated FilesCreated Directories
000666    (rw-rw-rw-)777    (rwxrwxrwx)
002664    (rw-rw-r--)775    (rwxrwxr-x)
022644    (rw-r--r--)755    (rwxr-xr-x)
027640    (rw-r-----)750    (rwxr-x---)
077600    (rw-------)700    (rwx------)
277400    (r--------)500    (r-x------)

[ comment | link | top ]

Mirroring a site with wget

wget -m -w30 -P/local/cache -A.html,htm -b -o/local/cache/log/remote.txt http://remote/

-m - Mirror a site. Subsequent runs will only fetch new/changed files
-w30 - Wait 30 seconds between fetches
-P/local/cache - Where to store the mirror, starting URL will be appended
-A.html,htm - Only fetch files w/ html or htm extensions
-b - Run wget as a background process
-o/local/cache/log/remote.txt - Specify a logfile name/location
http://remote/ - starting URL

Getting a complete single page (e.g. with images):
wget -E -H -k -K -q -P [dir to store in] -p "[url of page to fetch]"

...added quotes to fetch url because wget quits reading the url at character's like '=' without them. Probably should use hex equivalents when using in a script.

...I'm not sure why I have the -K... That and other switch descriptions:

-E: Add html extension on html files w/ no extension
-H: Enable spanning across hosts when doing recursive retrieving.
-k: Convert the links in the document to make them suitable for local viewing
-K: Keep a copy of the original page (not modified for local viewing)
-q: Turn off Wget's output.
-P: Parent storage directory
-p: Download all the files that are necessary to properly display a given HTML page

-nH: No hostname subdirectory
-nd: No subdirectory hierarchy (files need a unique name)

cURL is an option to wget that I have yet to check out... It doesn't appear to have as many options.
[ comment | link | top ]

Mounting an ISO image

Login as root and mount your image using the following syntax:
   # mount -t iso9660 /path/to/yourimage.iso /where/to/mount/ -o loop

When doing this all within a Konqueror window you need to do a lazy umount (-l) because the mounted filesystem will be busy even if you've closed all the files.
   # umount -l -t iso9660 /path/to/yourimage.iso /where/to/mount/

Mounting an ISO image in Linux

Dec '07: It looks like editing (possibly viewing as well) iso images is easier with software written for the task. Availability depends on distro but I've seen ISO Master recommended and found another called Kiso

ISO Master seems to have more features and better design. With ISO Master you can extract, add and delete from the image. In my case I wanted to extract, edit and reinsert a file and this was relatively easy. I did have to change the permissions on the extracted file to be able to edit it. One problem I had is that ISO Master couldn't write my modified trial image because the image boot record was not divisible by 4 (couldn't do a checksum). I don't know if its an issue or not. An earlier version of the iso I was working with was writable. I've yet to do any testing of edited images.

With Kiso you have to run it the first time as root (I opened a console, su'd and ran kiso). Kiso's options are add file or extract image, no extracting a single file for editing.

...Unfortunately, the real (much bigger) iso image that I wanted to edit uses Squashfs (most of the files/directories are compressed and packaged in one foo.sqfs file) so further explorations are on hold.
[ comment | link | top ]

Mouse Scroll

I thought this was Mandriva specific but I have noticed some weirdness in XP as well. I haven't spent much time on SuSE lately but haven't noticed issues there. In my case it appears to have something to do with my KVM and USB to PS2.

Instead of just scrolling up and down the page my mouse seems to want to page forward and backward as well (e.g. browser < >).

For me its not just a Mozilla Firefox mouse scroll wheel behavior issue, it happens in a lot of apps. The OP's solution was to

change /etc/X11/xorg.conf (InputDevice : Mouse1)
   Option "ZAxisMapping "4 5 6 7"
   Option "ZAxisMapping "4 5"

I didn't have that line (or the apparently related Option "Buttons") and adding it (them) didn't make a difference.

...Those options appear to be tied to /etc/X11/imwheel/ where I found references to forward and backward. Instead of figuring it all out I disabled imwheel.

In /etc/X11/imwheel/startup.conf I changed

which fixed scrolling in most apps (Konqueror, Firefox, Kuickshow) but busted Gwenview (paging with the scroll wheel randomly switches between browsing and full screen modes) :(

...No other issues have cropped up so I'm leaving it as is. I was starting to like Gwenview but Kuickshow suits me just fine.
[ comment | link | top ]


In Webmin I added an export on the NFS server and on the other end I added a Network Filesystem mount setting Mounted As, NFS Hostname and NFS directory. I left everything else at defaults. Really pretty friggin simple...On the export do not allow root and only allow LAN computers.

Oct '07: I started playing with this again and decided to KISS and use Samba for all LAN sharing. Mandiva (and by extension PCLOS) has a pretty nice GUI in the Control Center and Smb4K is handy for mounting/unmounting.
[ comment | link | top ]


sa-learn --mbox --spam /home/dave/Mail/spam

I'm using sendmail so mail format is --mbox. I'm telling Spamassassin to learn --spam (or --ham) and where its located.
[ comment | link | top ]


Lousy setup/maintenance had me stuck with a 104.5MB file I wanted to browse. I used 'split' to break it up into 10MB (10485760 bytes) files. Split adds an alphabetical two letter suffix by default.

   $ split -b 10485760 log log_

results in log_aa, log_ab, ...

...With a log file splitting by lines is better than bytes

   $ split -l 50000 log log_

gave me the same series of files. In this case 50k lines was real close 10MB per file (9.7 - 10.3).
[ comment | link | top ]


DA's RPM Build Hints
Looks like it provides enough info to get started with building RPM packages.
[ comment | link | top ]
ImageMagick: Command-line Options
"...list of command-line options recognized by the ImageMagick command-line tools."

ImageMagick v6 Examples -- Resize or Scaling
ImageMagick v6 Examples -- Creating Thumbnails
[ comment | link | top ]

Back to: Linux