…why I couldn’t get to one of the web sites I run, how to (hopefully) backup my installed programs list for later reinstalling the lot, and how to forward my desktop generated mail to my normal account.

Firewall Issues

The default install of Ubuntu come with no servers, the only thing that comes close is the print admin web pages and these only listen on the loop back adaptors. Now I don’t quite agree with this thinking, but the developers have decided that because there is nothing to hack why even have a firewall. I can see their reasoning, but what happens if one a default machine a program crashes and ends up opening the machine to the world. Their answer is that none of the default programs would do this, they are all desktop programs etc etc.

Of course this all falls down when you install a server, such as I have with the open-ssh server. I then had a machine with no firewall and a server available. Granted you can only access my desktop if you can get past my server and its firewall, but I’m not the only person in the house who owns a pc. My housemates run that other OS, and as happened in the past they can get in infected (not that it did much harm on my network other than to nuke the installation). So I personally do need to run a firewall.

A quick search on the web and Ubuntu forums came up with the suggestion of Firestarter, available in the repositories for download and install. I’m no expert at the firewall setup under any os, never mind linux. The GUI wizard quickly helped me to setup a secure(ish) firewall with ports availble for the services run my desktop in no time at all. Time passed and all seemed to working.

Until last week when I couldn’t get to one of the web sites I run. I couldn’t ping, ssh or use a web browser to get any where near the server. The ping issue turned out to be a preferences option, I had to enable ping echo. But I still couldn’t get to the server. I knew the server was up and working because I was able to ssh to another host and then ping/ssh from there. The error I was getting in the firewall logs indicated it was a sun-rpc portmapping issue. Enabling the sun-rpc port didn’t work, neither did allowing all connections the servers ip address. Nothing I did would work. Yet I knew it had to be a firewall problem, if I turned the firewall off then it all worked.

In the end Google helped me by pointing me in the direction of this post and this reply. One file edit, a firewall restart and bingo, it worked!

Turns out their is a bug with the version of firestarter in the repository that sets an incorrect range of ips as none routable. And the server was in the range.

Backups

Again google helped by providing a site and the following code:

dpkg --get-selections | sed -e 's/hold$/install/' >  yourpkgs.list
dpkg --set-selections < yourpkgs.list

The first line backups the list of installed programs to a file. The second line then uses that file to set the status of programs to be installed. This combined with the correct repositories and the following command

apt-get dselect-upgrade

should then install all the programs you had previously installed. All you need to do then in configure them, which shouldn’t be to hard as some of them will get their configs from my backed up home directory. And the hard part is often working which programs you had installed, not configuring them.

Mail forward

My desktop does some tasks in the background such as checking certain files and configurations. If it finds a problem then it e-mails these to me, unfortunatly it sends it to my local user and not to my e-mail address on the server, so I don’t see them unless I remember to look.

Google once again helped to let me know that if put any address into a file called .forward in my home directory then it would forward any mail for my account to that address.

One mail forwarding sorted – thanks again to google. What would I do with out it.