模板
教程
环境
性能
功能
管理
17小时玩转AS3,时间没白费!(修订版)
发表于:2007-07-04来源:作者:点击数:
标签:
[color=red:6f57b6b1f4]作者:白金网名:platinum(chinaunix)超超白金(白金论坛) 欢迎转载,转载请保留上述信息 ===========================================================================[/color:6f57b6b1f4] 这两天一直在研究AS3,初次使用,由RH
[color=red:6f57b6b1f4]作者:白金 网名:platinum(chinaunix) 超超白金(白金论坛)
欢迎转载,转载请保留上述信息
=========================================================================== [/color:6f57b6b1f4]
这两天一直在研究AS3,初次使用,由RH73跨越到AS3,确实有很多东西不适应,配置方法也不太一样,下面就我在安装配置时出现的一些问题在这里说明一下
我的系统挂了MYSQL、PHP、APACHE2,做了SQUID和NAT、SAMBA、DHCP、SENDMAIL+SMTP认证、PROFTPD
1、安装MYSQL4.0.18
下了MYSQL以后,解压缩
[quote:6f57b6b1f4]
./configure --prefix=/usr/local/mysql
make
make install
useradd mysql
chown -R mysql /usr/local/mysql/var
[/quote:6f57b6b1f4]
启动MYSQL,/usr/local/mysql/bin/mysqld_safe --user=mysql
2、安装APACHE 2.0.48
解压缩
[quote:6f57b6b1f4]
./configure
make
make install
[/quote:6f57b6b1f4]
3、安装PHP 4.3.4
解压缩
[quote:6f57b6b1f4]
./configure --with-mysql --with-apxs2=/usr/local/apache2/bin/apxs --enable-versioning --disable-debug --enable-track-vars
make
make install
[/quote:6f57b6b1f4]
修改/usr/local/apache2/conf/httpd.conf
看有没有以下两行
[quote:6f57b6b1f4]
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
[/quote:6f57b6b1f4]
默认应该有第一行,第二行要自己添加
增加默认页面index.php
[quote:6f57b6b1f4]
DirectoryIndex index.html index.php index.htm index.html.var
[/quote:6f57b6b1f4]
4、配置SENDMAIL
vi /etc/mail/sendmail.mc
将
[quote:6f57b6b1f4]
dnl # TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
[/quote:6f57b6b1f4]
修改为,以便支持SMTP发信认证
[quote:6f57b6b1f4]
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
[/quote:6f57b6b1f4]
将
[quote:6f57b6b1f4]
DAEMON_OPTIONS(`Port=smtp,127.0.0.1,Name=MTA')dnl
[/quote:6f57b6b1f4]
修改为,支持远程访问
[quote:6f57b6b1f4]
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
[/quote:6f57b6b1f4]
将
[quote:6f57b6b1f4]
dnl # MASQUERADE_AS(`platinum.3322.org')dnl
[/quote:6f57b6b1f4]
改为
[quote:6f57b6b1f4]
MASQUERADE_AS(`platinum.3322.org')dnl
[/quote:6f57b6b1f4]
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
vi /etc/mail/sendmail.cf
修改
[quote:6f57b6b1f4]
Cwlocalhost
[/quote:6f57b6b1f4]
为
[quote:6f57b6b1f4]
Cwlocalhost platinum.3322.org
[/quote:6f57b6b1f4]
vi /etc/mail/aclearcase/" target="_blank" >ccess 添加0.0.0.0 RELAY
vi /etc/mail/local-host-names
添加
[quote:6f57b6b1f4]
localhost
platinum.3322.org
[/quote:6f57b6b1f4]
启动服务:
/etc/rc.d/init.d/sendmail start
/etc/rc.d/init.d/saslauthd start
setup,启用ipop3服务
/etc/rc.d/init.d/xinetd restart
测试:
adduser test
passwd test
用OUTLOOK测试
5、做ADSL拨号上网
adsl-setup
一步一步接着下一步
然后修改生成的配置文件/etc/sysconfig/network-scripts/ifcfg-ppp0
将里面的
[quote:6f57b6b1f4]
PPPOE_TIMEOUT=60
[/quote:6f57b6b1f4]
改为
[quote:6f57b6b1f4]
PPPOE_TIMEOUT=0
[/quote:6f57b6b1f4]
这样就不会因为没有数据传输而自动断线了
6、做NAT
vi /etc/sysctl.conf
修改
[quote:6f57b6b1f4]
net.ipv4.ip_forward = 0
[/quote:6f57b6b1f4]
为
[quote:6f57b6b1f4]
net.ipv4.ip_forward = 1
[/quote:6f57b6b1f4]
这样把默认允许转发打开,不用每次还有修改/proc/net/ipv4/ip_forward了
在防火墙里添加控制,允许NAT出去
[quote:6f57b6b1f4]
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
[/quote:6f57b6b1f4]
7、做SQUID
我沿用的RH73的SQUID配置,但在AS3里却遇到了问题
后来仔细看提示才发现,说找不到一个DNS SERVER,奇怪,我的ADSL拨号能PING通www.163.com啊
后来发现/etc/resvol.conf为空,我添加了一个DNS SERVER就行了
我的SQUID做了1000M容量,保存HTTP的1M大小以下的文件,这里就不细说如何配置SQUID了
另外别忘了在iptables里将80端口指向SQUID的端口,我的是默认的3128
8、DHCP
我仍然沿用RH73的dhcpd.conf,结果提示错误,服务无法启动,后来发现需要加个参数
[quote:6f57b6b1f4]
ddns-update-style ad-hoc;
[/quote:6f57b6b1f4]
我的配置文件如下
[code:1:6f57b6b1f4]
ddns-update-style ad-hoc;
max-lease-time -1;
default-lease-time -1;
option subnet-mask 255.255.255.0;
option broadcast-address 255.255.255.255;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1,202.106.196.152;
option domain-name "platinum.3322.org";
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.2 192.168.0.100;
host platinum {
hardware ethernet 00:0a:e6:a9:64:a2;
fixed-address 192.168.0.2;
}
host bchyi {
hardware ethernet 00:80:c8:e4:c1:e4;
fixed-address 192.168.0.3;
filename "/tftpboot/pxelinux.0";
}
}
[/code:1:6f57b6b1f4]
9、SAMBA
这个是最头疼的,因为这个困惑了我半天的时间
最开始,我沿用RH73的配置文档,发现网上邻居能看见,却无法访问
我的配置文档如下
[code:1:6f57b6b1f4]
[global]
client code page = 936
workgroup = HOME
server string = Samba Server
security = USER
encrypt passwords = Yes
update encrypted = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins proxy = Yes
wins support = Yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
create mask = 0777
directory mask = 0777
printing = lprng
[数据中心]
comment = DATACENTER
path = /share/DATACENTER
read only = No
[/code:1:6f57b6b1f4]
于是我将security = DOMAIN改成了security = USER
结果发现能出来了,但是进去以后,英文目录名没问题,中文全是乱码(大方框)
在RH73和RH9里百试百灵的,怎么在AS3里不行了?
于是我ssh,直接进入我的硬盘ls了一下,结果傻了,原来RH73看到的都是中文名字,现在变成了???等东西
……
经好好先生提醒,我想起来了,可能是和字符集有关系,于是补装ttfonts-zh_CN库,结果发现少装了好多东西,关联东西太多,无奈,又重新装系统……
现在好了,ls,发现仍然是???,无奈,选择默认字符集为GB2312,ls,没事了!
/etc/rc.d/init.d/smb restart
回到网上邻居,进入,发现仍然事乱码!
看来和字符集没关系,和SAMBA的配置有关系
testparm发现,client code page = 936这句话在AS3里并不好使,提示这句话错误
难道没办法显示中文了???
找了N多资料,在一个老外的论坛了找到了正确配置方法(显示中文的东西竟然在老外论坛里),用这两句话替代:
[color=red:6f57b6b1f4]dos charset=cp936
unix charset=cp936[/color:6f57b6b1f4]
现在SAMBA能用了,正确的配置文档如下
[code:1:6f57b6b1f4]
[global]
dos charset=cp936
unix charset=cp936
workgroup = HOME
server string = Samba Server
security = USER
encrypt passwords = Yes
update encrypted = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins proxy = Yes
wins support = Yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
create mask = 0777
directory mask = 0777
printing = lprng
[数据中心]
comment = DATACENTER
path = /share/DATACENTER
read only = No
[/code:1:6f57b6b1f4]
[color=red:6f57b6b1f4]注意:cp936是微软的磁盘系统中文标准,而gb2312是中国国家中文标准,二者略有不同,在LINUX中使用cp936能更好地与中文磁盘格式兼容[/color:6f57b6b1f4]
10、PROFTPD
这个对我来说是轻车熟路了,装了个1.2.9(最高版本,目前没漏洞),编译好
直接把配置文档贴出来吧
[code:1:6f57b6b1f4]
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerType standalone
DefaultServer on
AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on
ServerIdent on "Welcome to PLATINUM's FTP !"
DefaultRoot ~
DisplayLogin .welcome
DisplayFirstChdir .message
UseReverseDNS off
IdentLookups off
SystemLog /var/log/ftp.syslog
TransferLog /var/log/ftp.transferlog
TransferRate RETR 20 group hMovie
# MaxClientsPerUser 10 "已超过最大上限 10 个guest用户,请少后再试!"
# MaxClientsPerHost 4
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nobody
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
<Directory /share/DATACENTER/电影>
<Limit RNFR DELE WRITE>
DenyGroup hMovie
</Limit>
</Directory>
<Anonymous ~guest>
User guest
Group ftp
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
TransferRate RETR 10
# MaxClientsPerUser 30 "已超过最大上限 30 个guest用户,请少后再试!"
# MaxClientsPerHost 4
<Directory /share/ftp/上传目录>
Umask 000
<Limit RNFR DELE RETR>
DenyAll
</Limit>
</Directory>
</Anonymous>
[/code:1:6f57b6b1f4]
11、网络安全问题
服务架好了,网络安全不容忽视
这是我的“反弹式”防火墙
[code:1:6f57b6b1f4]
#! /bin/bash
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables -F -t filter
/sbin/iptables -F -t nat
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
# ALLOW ALL in PRIVATE NET
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
# FTP
/sbin/iptables -A INPUT -m limit --limit 100/s --limit-burst 100 -p tcp --dport 21 -j ACCEPT
# SSH & TELNET
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# VPN
#/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#/sbin/iptables -A INPUT -p gre -j ACCEPT
# WWW
/sbin/iptables -A INPUT -m limit --limit 100/s --limit-burst 100 -p tcp --dport 80 -j ACCEPT
# MYSQL
# /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
# SOCKS5
# /sbin/iptables -A INPUT -p tcp --dport 8039 -j ACCEPT
# ICMP(PING)
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
/sbin/iptables -A INPUT -p icmp --icmp-type ! echo-request -j ACCEPT
# NAT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
# DNAT SQL-SERVER & RADMIN to PRIVATE NET
/sbin/iptables -A PREROUTING -t nat -p tcp -s ! 192.168.0.0/24 --dport 4899 -j DNAT --to 192.168.0.2:4899
/sbin/iptables -A PREROUTING -t nat -p tcp -s ! 192.168.0.0/24 --dport 5000 -j DNAT --to 192.168.0.3:4899
iptables -t nat -A PREROUTING -p tcp -m tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to 192.168.0.1:3128
# DENY OTHERS
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -j MIRROR
[/code:1:6f57b6b1f4]
终于写完了,不容易,这17小时没白费!
| 好好先生 回复于:2004-02-19 14:54:10 |
| 呵呵!恭喜! |
| jackie God 回复于:2004-02-19 14:59:54 |
| 哈哈,好好,恭喜! 我也试一试! 那里下载REDHAT AS3!? |
| haohaoo 回复于:2004-02-19 15:04:59 |
| 不错,不过就是没有补丁啊 |
| wangfeixue 回复于:2004-02-19 15:05:29 |
| 学习AS中,看了,不错,顶一下! |
| platinum 回复于:2004-02-19 15:06:39 |
| [quote:e8b7e4a701="haohaoo"]不错,不过就是没有补丁啊[/quote:e8b7e4a701] 少什么补丁? |
| wangfeixue 回复于:2004-02-19 15:12:39 |
| 现在有SP1,SP2的补丁了 |
| platinum 回复于:2004-02-19 15:13:31 |
| 哪里能弄到? |
| wangfeixue 回复于:2004-02-19 15:15:40 |
| 你google找一下,也就是很多rpm包的集合罢了 |
| luoyuan21 回复于:2004-02-19 15:44:06 |
| 好东西,我也一直找不到解决samba访问共享中文文件出现????的问题,现在终于找到拉,谢谢! |
| luoyuan21 回复于:2004-02-19 15:50:03 |
| 另外redhat 9.0好象也是用unix charset=GB2312才能解决中文问题,我用过codepage=936不行,现在我用的是AS3.0 |
| linuxsky 回复于:2004-02-19 15:52:41 |
| 不错。。实用型文章。 |
| luoyuan21 回复于:2004-02-19 15:54:39 |
| 我刚刚试了一下,在Xwindows下看到中文依然是????这个样子,请问能不能解决呢? 期待中! |
| linuxsky 回复于:2004-02-19 15:56:03 |
| 建议用pureftpd+mysql 我用了两年的proftpd 刚换成了pureftpd 因为我觉得pureftpd简单,容易设置。而且中文支持很好。 |
| platinum 回复于:2004-02-19 16:07:34 |
| [quote:148251ea58="luoyuan21"]我刚刚试了一下,在Xwindows下看到中文依然是????这个样子,请问能不能解决呢? 期待中![/quote:148251ea58] 可能和你默认字符集有关系吧? |
| 东方英明 回复于:2004-02-19 16:11:32 |
| up |
| luoyuan21 回复于:2004-02-19 16:43:38 |
| 那请问怎么改阿?我 是 刚学linux不是很久,还不太懂,请多之指教! |
| luoyuan21 回复于:2004-02-19 18:26:40 |
| 怎么没人回答?自己顶一下! |
| 零二年的夏天 回复于:2004-02-19 19:36:01 |
| 楼主辛苦! |
| mauricze 回复于:2004-02-20 01:50:57 |
| gut up |
| bjchenxu 回复于:2004-02-20 13:35:07 |
| 确实不错,感谢作者 |
| small-bird 回复于:2004-02-20 15:11:16 |
| 白金的贴子这么受欢迎啊!!! :D :D |
| platinum 回复于:2004-02-20 22:00:51 |
| :mrgreen: 这还不是“逼”出来的嘛…… :em06: |
| llzqq 回复于:2004-02-21 07:28:01 |
| platinum兄,有时间研究一下RHAS3.0的升级问题,难道非得自己一个一个地安装升级包啊! |
| Linux@初学者 回复于:2004-02-21 10:32:34 |
| 我的FTP上有升级包啊,是本坛的一位好人传上去的,大家去下吧 ftp://download:download@210.51.9.6 |
| 好好先生 回复于:2004-02-21 10:40:57 |
| [quote:69fd3778d3="Linux@初学者"]我的FTP上有升级包啊,是本坛的一位好人传上去的,大家去下吧 ftp://download:download@210.51.9.6[/quote:69fd3778d3] 上google 上搜。有人已经做好了一个虚拟光驱的文件。下来后刻成光盘替换第一张安装盘就行了。 |
| Linux@初学者 回复于:2004-02-21 10:43:16 |
| OK,找到了放我FTP上啊 |
| 好好先生 回复于:2004-02-21 10:45:18 |
| 里面的apache升级成了2.0.47原来是2.0.46。但是不太方便……,自己搜一下就可以找的到。 |
| 多情公子 回复于:2004-02-21 14:30:55 |
| 那里有AS3光碟出售啊~? |
| platinum 回复于:2004-02-23 01:22:01 |
| 到处都有下 LINUX◎初学者的FTP上也有 |
| HonestQiao 回复于:2004-02-23 15:53:12 |
| 8错 |
| dlisme 回复于:2004-03-04 09:41:37 |
| 郁闷我n久的samba字符问题终于解决了。多谢楼主。 |
| lzblzb 回复于:2004-03-04 11:02:31 |
| 呵呵,不错,学了不少新东西! |
