The Perfect Setup - Fedora Core 5 (64-bit) - Page 3

2 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which looks like this:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.0.255
HWADDR=00:0C:29:46:19:D3
IPADDR=192.168.0.100
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

Now we want to create the virtual interface eth0:0 with the IP address 192.168.0.101. All we have to do is to create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 which looks like this (we can leave out the HWADDR line as it is the same physical network card):

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

Afterwards we have to restart the network:

/etc/init.d/network restart


3 Configure The Firewall

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall).

Run

system-config-securitylevel

Select Disabled and press OK.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


4 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

shutdown -r now


5 Install Some Software

Now we install some software packages that are needed later on:

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++

Share this page:

27 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-04-12 04:22:51

Good and easy to understand. But i have one question, how do you take screen shots of the install process?

From: Anonymous at: 2006-04-14 14:43:18

i normally use vmware to capture that process

From: Anonymous at: 2006-04-24 17:17:23

During any install, just hit the print screen key. The screen capture will be saved in /root. You can access it later from there.

From: Anonymous at: 2006-04-26 08:36:48

I've been following most of your perfect guides. Thanks for your effort of putting these up for newbies like me to follow.

I'd like to know when you'll put up Fedora Core 5 (not 64bit ver) for us as my box doesn't support the already guide on this site.

Thanks

From: Anonymous at: 2006-05-03 11:15:49

the only difference is on page 5 of the guide where its says this..

vi /usr/lib64/sasl2/smtpd.conf

just substitute it with

vi /usr/lib/sasl2/smtpd.conf

and thats it :)

From: Anonymous at: 2006-05-03 11:16:46

the only difference is on page 5 of the guide where its says this..

vi /usr/lib64/sasl2/smtpd.conf

just substitute it with

vi /usr/lib/sasl2/smtpd.conf

and thats it :)

From: Anonymous at: 2006-07-26 20:44:50

It is perfect.  There are no typos and the grammar is perfect.

A real joy after struggling with trying to get proftpd and vhcs set up.

Now I actually have a completely working server with postfix, ftp, etc.

The only thing that would have made this perfect is if you had continued with the installation of ISPConfig.  I am a little nervous now because I have to follow ISPConfig's documentation, which I know won't be as good as yours.  Good job!!

From: admin at: 2006-07-27 06:37:21

The ISPConfig documentation was also written by Falko and Till, so there's nothing to worry about.

Just follow the instructions here: http://www.ispconfig.org/manual_installation.htm 

From: Anonymous at: 2006-04-18 15:56:10

The given reboot command is incorrect on Fedora core 5. Just use the command "reboot" and it works correctly.

From: Anonymous at: 2006-04-18 19:45:12

Actually "shutdown -r now" works just fine on FC5. it's worked on every redhat version I have used since 2.2 as well as Solaris and SysVR4 -nic

From: Anonymous at: 2006-05-04 17:27:58

try /sbin/shutdown -r 0

From: tommytomato at: 2006-10-03 02:55:42

try

shutdown -h now

Has worked on every linux OS I have installed, I spose there's are few different ways to doing it. 

From: at: 2007-08-12 14:15:11

shutdown -h now halts the system after the shutdown, shutdown -r now reboots the system and them two commands always work for me on every fedora OS i have installed,

Regards ProServ-UK

From: Anonymous at: 2006-04-18 21:18:04

It's not wrong, it's just a different way of running the same command. On some systems (not sure about Fedora) the 'reboot' command is just an alias to 'shutdown -r now'.

From: Anonymous at: 2006-06-17 13:07:16

Thank you very much for this post!!! I was trying for days to install fedora5 without results. The standard installed firewall and selinux were the two thinks I hang on. Thanks again !!!

b.t.w. I always use: /sbin/reboot

From: Anonymous at: 2006-05-26 07:18:49

mysqladmin -h server1.example.com -u root -p password yourrootsqlpassword

Newbie (me) struggled with that one for a short while.

From: Anonymous at: 2006-08-07 10:25:21

Thanks for the heads up bro!

From: KJ at: 2008-12-02 01:36:43

Thanks to everyone who participated in writing up all these tutorials. Truly a lifesaver.

From: Anonymous at: 2006-05-28 01:32:18

If (64-bit) use

vi /usr/lib64/sasl2/smtpd.conf

If (32-bit) use

vi /usr/lib/sasl2/smtpd.conf

From: Anonymous at: 2006-08-16 16:33:20

i noticed that too.... but overall for beginner's use this is a great setup walkthrough... it goes step by step... with commands and all... and if you don't plan to install ISPConfig... it helps you to choose the correct options for you.

From: Sanjay at: 2009-06-08 12:16:29

10 Apache2 With PHP5

Now we install Apache with PHP5:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

 

Thank you thank you Sooooooooooooooooo much for this awesome piece of information !!!

:)

From: shafi at: 2009-11-20 12:00:49

Great man.. i didnt know that kinda module exists. i was searching blank. Thank youuuuuuuuuuuuuuuuuuuuuuuuuuu!

From: Anonymous at: 2006-04-16 23:27:50

Thankfully I read your fedora core 4 walkthrough and actually attempted it but wanted to use fc 5 instead. You didn't mention here though that this os needs the /etc/pam.d/ftp file created just like in fc 4 so for those users that would like their clients to have ftp access do the following. Excellent walkthrough by the way, this software is very impressive!!!

Some users reported that they were not able to login with system users so you might have to do the following steps:

Create the file /etc/pam.d/ftp with the following content:

#%PAM-1.0
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so

Restart proftpd afterwards:

/etc/init.d/proftpd restart

From: Anonymous at: 2006-04-18 19:48:23

(this is my third try.. It it doesn't work, then someone needs to post a how-to on posting comments here since this interface is buggy.)

The proftpd RPM should include /etc/pam.d/proftpd which, following the fedora/redhat methodology, would use system-auth. If you don't have it, hunt around for it (I would post it here, but it seems to not like the posting of the pam.d/proftpd code).

In regards to the how-to, there are a couple of things that don't seem to click correctly:

1. Installing bind-chroot (step 7) will automatically set up the chroot'ed environment. There is no need to make the symbolic links by hand.

2. Why install additional software, as in Step 5, when you can just do it during the install process (that's what I did)?

3. Why the preference towards webalizer? It hasn't been updated in *ages* (2001, I believe) and there are other (better) applications out there now (ie: awstats).

4. In step 9.1, it is stated that "dovecot uses Maildir format (not mbox)", but that is incorrect. The beauty of dovecot is that it supports both Maildir and mbox formats equally. (we use dovecot here with mbox)

I have to agree with you completely regarding SELinux. :) And, with all of that aside, this how-to is an excellent article! Nice work!

From: tommytomato at: 2006-10-03 02:58:59

Is this for 64bit FC5 only ? or can it been installed on a 32bit system ?

 TT

From: Anonymous at: 2006-06-25 16:01:42

Dude!

Thanks so much for the "disabling sulinux" tip. I was killing myself trying to get viewvc or trac setup as CGI's behind httpd. I disabled sulinux, and suddenly, everything worked as advertised!

Howtos like this help clarify the process for everyone. Choice is good, and a proven baseline is even better.

-Ted Husted.

 

 

From: Anonymous at: 2006-06-26 14:40:56

Hello, After frustrating with other "all-in-one" guides, I had just about given up but my drive to get it done directed me to this little gem and now I have my complete FC5 system just the way I wanted on a VMWare machine. This basically allowed me to have a carbon copy of my production server. If I could have found this a few days ago I would have been done so much sooner, but I am still very pleased with the end result. Sincerely, Very happy reader/developer Matt