Archive for November, 2004
Linux 2.6 and iptables
Well, since my server was dead as a brick anyway, I decided to put Linux 2.6 on the new machine during the reinstall, mostly for the ext3 support (yes, I know they also backported it to 2.4).
Being used to ipchains, I was always too lazy to find out how the new netfilter stuff worked. But now the server had been down for three weeks anyway, so I thought it wouldn't matter if it took me two more days to get NAT and my firewall running again.
Configuring the kernel
Turns out it was a real cinch. Just had to compile in support for CONFIG_NETFILTER, CONFIG_IP_NF_CONNTRACK, CONFIG_IP_NF_IPTABLES and then select some NetFilter matching modules (I chose a couple, but you only really need CONFIG_IP_NF_MATCH_IPRANGE, CONFIG_IP_NF_MATCH_PKTTYPE for the firewall I believe).
Setting up masquerading
After booting the new kernel, all I had to do to get masquerading to work was run this:
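# Masquerade everything that leaves through the external interface (eth0)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Let the kernel forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward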
and masquerading worked.
Setting up the firewall
At first, iptables seemed to work the same as ipchains. Turns out though that there are some subtle differences. For instance, the chain names (INPUT) are case-sensitive with iptables. I also had to manually insert some modules to get the various targets (REJECT) for the rules to work. Another caveat was the fact that iptables works on a first-rule-matches basis. My old setup (ipchains) closed all ports < 1024 and then opened up things like HTTP and SMTP. For iptables, I had to first open up a couple of ports and then close everything below 1024. Quite counterintuitive, but anyway.
Ultimately, I ended up with these modules loaded:
ipt_iprange
ipt_REJECT
iptable_filter
ipt_MASQUERADE
and a whole bunch of lines similar to these for the firewall:
iptables -A INPUT -i eth0 -p tcp --destination-port 20:22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 443 -j ACCEPT
# Deny all this shit below 1026
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1025 -j REJECT
iptables -A INPUT -i eth0 -p udp --destination-port 1:1025 -j REJECT
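The ordering caveat above, as an added example (not the author's code): a small Python model of first-match evaluation for the rule syntax used in this post, which also flags rules that an earlier, broader rule makes unreachable. It assumes only terminating targets (ACCEPT, REJECT) and options that each take one value; the function names and the two sample rule orders are constructed for illustration.

```python
import shlex

# Constructed sample: close-everything-first order (the old layout the post describes).
CLOSE_FIRST = """\
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1025 -j REJECT
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 25 -j ACCEPT
"""
# Constructed sample: the same rules in the order the post ends up with.
OPEN_FIRST = """\
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1025 -j REJECT
"""

def parse(text):
    """Parse the subset of iptables syntax used in the post into dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # comment lines become []
        if not tok or tok[0] != "iptables":
            continue
        opt = dict(zip(tok[1::2], tok[2::2]))    # every option here takes one value
        ports = opt.get("--destination-port") or opt.get("--dport") or "0:65535"
        lo, _, hi = ports.partition(":")
        rules.append({"chain": opt["-A"], "iface": opt.get("-i"), "proto": opt.get("-p"),
                      "lo": int(lo), "hi": int(hi or lo), "target": opt["-j"], "text": line})
    return rules

def covers(r, chain, iface, proto, lo, hi):
    """True if rule r matches every packet in the given chain/iface/proto/port range."""
    return (r["chain"] == chain and r["iface"] in (None, iface)
            and r["proto"] in (None, proto) and r["lo"] <= lo and hi <= r["hi"])

def verdict(rules, proto, port, iface="eth0", chain="INPUT"):
    """Target of the first matching rule, or None when the chain policy decides."""
    for r in rules:
        if covers(r, chain, iface, proto, port, port):
            return r["target"]
    return None

def shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule makes the later one unreachable."""
    out = []
    for j, late in enumerate(rules):
        for early in rules[:j]:
            if covers(early, late["chain"], late["iface"], late["proto"], late["lo"], late["hi"]):
                out.append((late["text"], early["text"]))
                break
    return out
```

Running `shadowed()` over a saved copy of a ruleset is a quick way to spot ACCEPT lines that can never take effect because a wider REJECT precedes them.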
More information
More information on setting up masquerading with iptables can be found here.
Firefox v1.0 released
It's finally here. Firefox v1.0.
Changes for this release include better tab-based browsing, more languages and lots of bugfixes.
Unfortunately, the fix for this bug didn't make the cut for FF1.0 :(
Single once again
As some of you may already know, Merel and I broke up after almost 3 years of being together. It was a hard decision for us, but we both decided to call it quits. Things had been going downhill for a while now and we kept growing apart further and further. Finally we could no longer deny the fact that we both wanted very different things from life and that our personalities collided on various subjects.
Even though we turned out to be too different from each other, there were still a lot of things we had in common. I'll really miss going to metal festivals with her for instance. Even though we will remain friends, it just won't be the same anymore.
It's been three weeks since we broke up, and life goes on. On the one hand I still miss her now and then, on the other it's nice being single again.
We had a nice three years and I wouldn't trade it for the world, but now it's time to move on again.
Server problems fixed
All server problems seem to be fixed. I may run into some problems along the way, but they will be fixed as soon as I find them. For now I believe everything is up and running again. On the good side, this server is now about 3 times as fast and has around 10 times as much memory as before.
Webmail and web FTP are running again. PHP has been fixed and all backups have been placed back. Everybody's webpages are available again. Unfortunately, all stored e-mails are gone, since I didn't make any backups of those out of privacy concerns. All stored webmail preferences and addressbook entries are restored.
If you run into any problems, do not hesitate to contact me.
Thank you for your patience.
Server problems partly solved
Hello folks,
Sorry for the extremely long delay in fixing the problems with this server. FYI: This server, along with all the webpages and all the other crap on it, has been down for almost two weeks now. It'll take too long to explain, but all I can tell you is that it's been nasty and I'm very sorry about the long delay. I've experienced some unforeseen technical and personal problems which needed to be resolved before I could start fixing the problems with this server.
For now, all webpages are working again. Mail should be working too, but no access to the webmail is possible at this time. I will continue to work on the problem every hour of my spare time. Please bear with me.
More information will follow. Watch this space.

