Category Archives: Linux

Linux stuff.

Vyos first impression

So just started playing with Vyos, a community fork of Vyatta. Vyatta, now owned by Brocade, is a Linux, Debian based firewall / router distro running on X86 hardware. Now renamed Vyatta, a Brocade company, it is sold by Brocade as subscription models and appliances built round the system. Vyatta has a web GUI but the command line structure is, I gather, based on Juniper Networks Junos, a popular rival to Cisco’s IOS.

Vyos is freely available and, like its commercial cousin, runs on X86 hardware and a variety of virtualisation platforms. For my purposes I’ve just installed it to a VM under VMware Workstation. It is apparently possible to install to a compact flash card for use in single board PCs, such as the PC Engines Alix. However the usual problem of limiting writes to that media applies, so logs need to be redirected.

At time of writing I’m using Vyos Helium, the second major release, V1.1.0. There is no web GUI implemented yet, which personally suits me fine. Command line tools have a higher learning curve but are so much faster once you know them. The on board CLI help, like Cisco IOS, is very useful, with the usual “?” offering options for the given mode. Yes, like Privileged Exec and Global Configure, the familiar dropping into modes to perform sets of tasks applies here. The “configure” command gets you to global config. Changes are only applied once the “commit” command is given and “save” stores to disk.

One of my reasons for wanting to try Vyos, aside curiosity, is that I’ll be working on some Ubiquiti routers shortly. Their Edge OS is another fork of Vyatta and shares the same command syntax, at least thus far.

I’d say I like Vyos a lot at this point except for one major nag. That is, I’m not currently able to get my Vyos VM working with VMware Virtual Network Adapters in Workstation. So I can’t connect this VM to the rest of my internal virtual networks. This may be a misunderstanding on my part, some setting I’ve missed, or it possibly only works on VMware VSphere, the bare metal hypervisor. This is a great shame. I’ve posted to the Vyos forums but not had a reply. Anyway, will continue nosing around this issue.

Raspberry Pi as Wifi Access Point

Have your own Linux router / access point, provide guests with wireless network access.

Obviously using a Pi model with a RJ45 lan port and a usb wifi adapter. When sourcing the latter, make sure it is compatible and won’t require a powered usb hub. I purchased one from.

Your Pi will need to be connected to wired LAN, with internet access. It will NAT to its ethernet address and use a lightweight DHCP server to give wireless clients IP addresses.

Assuming the pi is already running Raspbian, SD card image has been expanded, default password changed, networking with internet access working. Sudo to root to run following commands.

Install software.
sudo apt-get install hostapd isc-dhcp-server

Configure DHCP server information for our new wifi subnet.

Using example network. With the first 10 addresses reserved for static assignment.

nano /etc/dhcp/dhcpd.conf

Comment out the following lines, thus.

#option domain-name “”;
#option domain-name-servers,;

Uncomment authoritative in the below line.

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

Add the following lines at the bottom.

subnet netmask {
    option broadcast-address;
    option routers;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers,;
}

Save and exit.

The wifi adapter will likely show up as wlan0. To check do.




You can use the below command to see if your usb adapter is recognised.


Shut it down whilst we configure DHCP.

ifdown wlan0

Now edit the main configuration file for DHCP server.
Add our wifi interface in.

INTERFACES="wlan0"

Save and exit.

Configure wlan0.

nano /etc/network/interfaces

Comment out any config lines already present for wlan0 by prepending a #.

Then add

iface wlan0 inet static

Save and exit.

Configuring the hostapd access point daemon.
In order to get the RTL8187CUS driver working, it was necessary to use this replacement for hostapd below.

Replace the name of the wifi adapter driver listed in the config with yours if different. Check with.


Create the config file and add the below lines.

nano /etc/hostapd/hostapd.conf


Save and exit. Then edit the main hostapd config file to point it to the above setup config.

nano /etc/default/hostapd

Save and exit.

Because our pi will be acting as a router, forwarding from wlan0 to eth0, we need to enable IP forwarding in the kernel. To enable this at boot edit.

nano /etc/sysctl.conf

Scroll to the bottom and add

on a new line. Save and exit.

To enable IP forwarding immediately do.

sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Now configure NAT so our wifi users get access to the rest of the network using the pi’s eth0 address.

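iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

To enable this at boot, you can save the rules to a file called nat-rules, for example, and have them read back in. iptables-save writes to standard output and iptables-restore reads from standard input, so both need a redirect. Use the file’s full path in both places, as the post-up hook does not run from your working directory. Do

iptables-save > nat-rules

In the file, /etc/network/interfaces under the wlan0 config, add the line.

post-up iptables-restore < nat-rules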
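
A check of the saved rules file before the post-up hook depends on it, as an added example that is not from the original post. It reads an iptables-save dump and confirms the three rules above; the interface names default to the eth0 and wlan0 used here, and both sample dumps are constructed.

```sh
#!/bin/sh
# Added example: sanity-check an iptables-save dump before post-up restores it.
# Interface names default to the eth0 (wired) / wlan0 (wifi) used in this post.

check_nat_rules() {    # usage: check_nat_rules FILE [WAN_IF] [LAN_IF]
    awk -v wan="${2:-eth0}" -v lan="${3:-wlan0}" '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter" headers
        /^:FORWARD / && table == "filter" { policy = $2; next }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            index($0, " -o " wan " ") { masq = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            from_wan = index($0, " -i " wan " ") && index($0, " -o " lan " ")
            from_lan = index($0, " -i " lan " ") && index($0, " -o " wan " ")
            if (from_lan) out = 1
            if (from_wan) {
                back = 1
                # Return traffic must be limited to existing connections.
                if ($0 !~ /--(ct)?state [A-Z,]*ESTABLISHED/) {
                    print "FAIL: unrestricted " wan " -> " lan ": " $0
                    bad = 1
                }
            }
        }
        END {
            if (!masq) { print "FAIL: no MASQUERADE rule on " wan; bad = 1 }
            if (!out)  { print "FAIL: no " lan " -> " wan " ACCEPT rule"; bad = 1 }
            if (!back) { print "FAIL: no " wan " -> " lan " return rule"; bad = 1 }
            if (policy == "ACCEPT")
                print "NOTE: FORWARD policy is ACCEPT, so unmatched traffic is forwarded too"
            exit bad + 0
        }' "$1"
}

# Constructed dump: what the three commands above leave behind on default policies.
dump_page() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed dump with two mistakes: the state match was lost and the
# MASQUERADE rule never made it into the file.
dump_broken() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
EOF
}

demo_file=$(mktemp)
dump_page > "$demo_file"
if check_nat_rules "$demo_file"; then echo "page rules: OK"; fi
dump_broken > "$demo_file"
check_nat_rules "$demo_file" || echo "broken rules: rejected"
rm -f "$demo_file"
```

Point it at the real file with check_nat_rules followed by the full path to nat-rules; a non-zero exit status means at least one FAIL line was printed.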

Bring up wlan0 with.

ifup wlan0

To test the access point run it with.

/usr/sbin/hostapd /etc/hostapd/hostapd.conf

Assuming the AP is working, to have hostapd and dhcp-server run at boot, do.

update-rc.d hostapd enable
update-rc.d isc-dhcp-server enable

Check status with.

service hostapd status
service isc-dhcp-server status

Depending on your distro, you may need to remove WPASupplicant. Do so by running this command:

sudo mv /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service ~/

And then rebooting.
That’s it. :)

Router Distro Headaches

I mentioned Voyage Linux as the os on my virtual routers. Recently I’ve also been trying to get a couple of others working. Namely, ZeroShell and PFSense.

ZeroShell is working as a VM but I haven’t got it doing that much. I mainly want to test it as a wireless AP and possible Radius server. It only supports Atheros wireless chipsets of which I have none. The Atheros USB adapter I found may not be entirely straightforward in use it seems. I plan at some point to try this on a PC Engines borrowed Wrap or Alix.

The appeal of the Debian based ZeroShell to me is that it can be configured through a web based gui. It has a lot of features and the ability to unlock other packages by making a contribution. The 3G failover capability is particularly intriguing but alas I’ve not had much luck with a Huawei E303 dongle.


PFSense is a FreeBSD based router / firewall, again with a web based gui. I have been trying to get this booting on the aforementioned Alix, as it’s setup as a DHCP server out of the box. This hasn’t worked as yet despite following their instructions, updating the Alix bios and so on.

More hopefully when I make progress.

Setting up Postfix and Mutt. 01

Install and configure Postfix

This is a basic setup of Postfix. The mail users have system accounts on the mail server so in this instance, will log into the server to read and send mail. The example client is Mutt, shown at the end.

I’ve included the configuration for the SASL (Simple Authentication and Security Layer) daemon here. We do not need it now but for sending mail from remote systems we will. I wanted to keep the blog posts short so the next will follow on, adding to this config.

At time of writing, I’m using Postfix 2.10.0 on Ubuntu Server 13.04 in a virtual machine in VMWare Workstation 10, on Windows Seven Professional.

Instructions below assume you’re running as root.

Install the application and documentation:

apt-get install postfix postfix-doc

The initial configuration screen is somewhat tricky to use with a screenreader. If possible choose no configuration. We’ll edit by hand.
There are 2 main configuration files in Postfix. /etc/postfix/ and /etc/postfix/

We will only be making changes in at this time.

If you have an admin account on the system, edit /etc/aliases accordingly, so that account receives mail for postmaster via root.

# see man 5 aliases for format
postmaster: root
root: admin

Run the newaliases command to rebuild the alias database:


Edit with basic server details. Spaces around the “=” are optional.
mydestination=$myhostname, localhost.$mydomain, $mydomain, localhost

Authenticating SMTP with SASL

For clients to authenticate we will use the SASL libraries.

With the below setup, SASL will authenticate email users against the system password file, i.e. the email users have system accounts on the machine running postfix.

apt-get install sasl2-bin

We want the saslauthd authentication daemon to start at boot.

Edit /etc/default/saslauthd

START=yes

Create /etc/postfix/sasl/smtpd.conf and add.

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

If we wanted to use an external method of checking passwords, we’d change the above line to.

pwcheck_method: auxprop

For example to use the sasl password file instead, which is at.

If using sasldb to authenticate users, for example in the case where users do not have system accounts, you need to choose the sasldb mechanism in /etc/default/saslauthd.
MECHANISMS="sasldb"

If using the sasldb2 file, you add users with the saslpasswd2 command.

saslpasswd2 -c -u newuser
Again for verification:

-c = create.
-u = realm.

Back continuing with our example using the system password file. i.e. we’re assuming our email users also have system accounts.

Add the user postfix, to the sasl group. This isn’t always necessary.

adduser postfix sasl


The parameters for working with sasl start with smtpd_sasl for the postfix server and smtp_sasl for postfix acting as a client. i.e. if sending
mail to a relay that requires a login.

Switch on smtpd authentication.
smtpd_sasl_auth_enable = yes

For some older clients, that didn’t implement the smtp authentication protocol correctly, you can add the following line, although it may not now be necessary.
broken_sasl_auth_clients = yes

To help prevent senders spoofing their from address, you can map the email address to a system user in a map file. Create and then run postmap
against it. newuser

postmap /etc/postfix/sasl_senders

And add the below line to
smtpd_sender_login_maps = hash:/etc/postfix/sasl_senders

The next lines for are to permit legitimate users.

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

By default, postfix will block anonymous logins from outside your network. If you’re using some other method for checking passwords, such as md5,
you will need to list it in However, if you do that, you also need to explicitly list noanonymous, as you’ve changed the default.

smtpd_sasl_security_options = noanonymous, noplaintext

The below is my file. I have moved some of the lines around simply for layout purposes. It doesn’t matter which order they’re in as far as postfix is concerned.

cat /etc/postfix/
# See /usr/share/postfix/ for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
mydestination=$myhostname, localhost.$mydomain, $mydomain, localhost
mynetworks = [::ffff:]/104 [::1]/128

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA’s job.
append_dot_mydomain = no

# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html

Restart postfix

postfix reload

Restart the saslauthd daemon:

service saslauthd restart

Remember we’re using system accounts at this point. To test your login with saslauthd use the command:

testsaslauthd -u username -p password

Also at this point, the only host that can send mail without authenticating is the server itself. This is the default. You can add your local
private subnet to the mynetworks parameter if desired. Assuming your subnet is add to the end.
mynetworks = [::ffff:]/104 [::1]/128

Be careful if you change the default, which networks you add to this parameter. You *Do not* want to make your mailserver an open relay.
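
One way to check for the open-relay mistakes warned about above, as an added example that is not the author's code. It reads `postconf -n` style output, flags any mynetworks entry that is not loopback or RFC 1918 space, and flags a restriction list with no unauth_destination rule; the sample values are constructed, and it assumes the restriction parameter is set explicitly, as it is in the configuration on this page.

```sh
#!/bin/sh
# Added example: flag open-relay risks in `postconf -n` style output
# (one "name = value" line per parameter). Not the author's code.

# param_value FILE NAME: print the value of parameter NAME.
param_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# net_is_private ENTRY: succeed only for loopback or RFC 1918 ranges that are
# no wider than the reserved block (10.0.0.0/7 fails). Anything else, including
# table lookups and other IPv6 ranges, fails so that a person reviews it.
net_is_private() {
    case $1 in '[::1]/128' | '[::ffff:127.0.0.0]/104') return 0 ;; esac
    np_addr=${1%/*}
    np_len=32
    case $1 in */*) np_len=${1#*/} ;; esac
    np_a=${np_addr%%.*}
    np_rest=${np_addr#*.}
    np_b=${np_rest%%.*}
    for np_n in "$np_a" "$np_b" "$np_len"; do
        case $np_n in '' | *[!0-9]*) return 1 ;; esac
    done
    np_min=0
    if [ "$np_a" -eq 127 ] || [ "$np_a" -eq 10 ]; then np_min=8
    elif [ "$np_a" -eq 172 ] && [ "$np_b" -ge 16 ] && [ "$np_b" -le 31 ]; then np_min=12
    elif [ "$np_a" -eq 192 ] && [ "$np_b" -eq 168 ]; then np_min=16
    fi
    if [ "$np_min" -gt 0 ] && [ "$np_len" -ge "$np_min" ]; then return 0; fi
    return 1
}

# audit_relay FILE: print one line per finding; return 1 if there are any.
audit_relay() {
    ar_bad=0
    set -f                      # entries such as [::1]/128 are glob patterns
    for ar_net in $(param_value "$1" mynetworks | tr ',' ' '); do
        if ! net_is_private "$ar_net"; then
            echo "mynetworks: $ar_net is not a loopback or RFC 1918 range"
            ar_bad=1
        fi
    done
    set +f
    ar_param=smtpd_relay_restrictions
    ar_rules=$(param_value "$1" "$ar_param")
    if [ -z "$ar_rules" ]; then
        ar_param=smtpd_recipient_restrictions
        ar_rules=$(param_value "$1" "$ar_param")
    fi
    case $ar_rules in
        *reject_unauth_destination* | *defer_unauth_destination*) ;;
        *) echo "$ar_param: no reject_unauth_destination or defer_unauth_destination"
           ar_bad=1 ;;
    esac
    return "$ar_bad"
}

# Constructed samples (addresses are illustrative, not taken from the post).
sample_safe() {
    cat <<'EOF'
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.10.0/24
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
EOF
}
sample_risky() {
    cat <<'EOF'
mynetworks = 127.0.0.0/8, 0.0.0.0/0, 172.32.0.0/16
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
EOF
}

demo_dir=$(mktemp -d)
sample_safe > "$demo_dir/safe.conf"
sample_risky > "$demo_dir/risky.conf"
for demo_f in safe risky; do
    echo "== $demo_f"
    if audit_relay "$demo_dir/$demo_f.conf"; then echo "no findings"; fi
done
rm -rf "$demo_dir"
```

On a live server, save the output of postconf -n to a file and pass that file to audit_relay.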

The home_mailbox=Maildir/ parameter is an alternative to the Unix style mbox format. We need the Maildir format for later when it comes to adding an IMAP server to our setup. Other IMAP servers are available, such as Dovecot and Cyrus, but I’ll be using Courier.

Install and configure the Mutt mail client

Mutt is a text based mail client that the users can access from the terminal

apt-get install mutt

Alas I can’t recall where, otherwise I’d link to them. But I found the following configuration for the Mutt mail client online and it’s worked for me. Just add the following lines at the end of the /etc/Muttrc configuration file. Note: Muttrc starts with a capital M.

set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.sent"
set postponed="+.postponed"
set spoolfile="~/Maildir"


You can view and edit parameters in with the postconf command.

postconf -d (parameter name.) Display the built-in default; leave out -d to display the current value.
postconf -e (parameter name=value.) Edit.

Always restart the postfix service after making changes so the main configuration file is reread.

postfix reload

When editing the /etc/aliases file use the newaliases command to rebuild the database. You can move this file where you want but if you do so, you then need to use the postfix command, postalias.

postalias (path-to-aliases)

When troubleshooting, view the log, which by default is at /var/log/mail.log.

To check the syntax of your configuration try the command:

postfix check

There are various other commands for administration in Postfix. Consult the documentation.

Although published a while ago, a useful book is Postfix: The Definitive Guide written by Kyle D. Dent, published by O’Reilly Press.

Setting up a mailserver: Intro

Following will be a few step by step posts on setting up a mailserver on Linux.

I make no guarantees and you’d obviously be wise to do this on a test machine in a private network before setting up a live system.

I’m using a Ubuntu Server for the examples. The MTA (Mail Transport Agent) I’ll be using is Postfix, certainly initially. Later I may look at Exim. I’ll not be touching Qmail or Sendmail because frankly life’s too short.

Postfix’ home page is.

vi. Quick notes.

Unless you’ve been a long time *nix user, you may not be part of the Emacs vs vi school. Perhaps like me, you prefer using something like Nano to edit text files in the terminal.

Problem is, on many systems such as those running embedded Linux and using something like Busybox, these more user friendly editors simply aren’t available. Even if the system has a package manager and there exists your favourite editor in a package repository, you may not have the permissions to install them. But you still need to edit a text file. Granted, if you’re not root or listed in sudoers, you’re not going to be able to edit anything in /etc anyway but maybe you just need to write a note in /home.

Thankfully the text editor vi should always be included in a Posix compatible environment, like those running Busy Box. But you load it up and realise you can’t use your mouse and you don’t have time to read the manual. Fear not, see below.

Vi operates in 2 modes, command and insert. Insert is where you actually enter text; command operates upon the text.

Press i to enter insert mode and esc to back out to command mode.

If you’re not sure whether you’re in command or insert mode, press escape a couple of times. You may hear a ping indicating you’re already in command mode.

These days cursor keys should work moving around in command mode, otherwise:

Left: Down: Up: Right:
h. j. k. l.

Enter insert mode

Some common commands: (Note caps.)

Exit without saving, ignoring write protection.


Save / write

Save and overwrite protection.

Save and exit
:x. Or, :wq. Or ZZ

Save buffered file as:
:w newfile

Return to point of last save.

Edit another file without leaving vi:
:e file2

Some editing commands.

Give a number after command if desired.

Delete from cursor to end of word:

Delete from cursor to end of line.

Delete lines.

Delete from current line to end of file.

Delete character under cursor:

Yank (copy) word from cursor

Yank (copy) line.

Paste after cursor.

Paste before cursor.



There are many more of course. Have a look at:

Simple automated backup with Robocopy

Linux / Unix systems have Rsync, a very useful tool that does what it sounds like it does. Remote sync directories and files. It has a number of options and can be used in conjunction with SSH for secure syncing. Whilst there’s a version available for Windows called CWRsync, which operates in the Cygwin environment, it didn’t quite work in my situation.

Since Windows Vista, Microsoft have included a command line tool called Robocopy. However there are GUIs available, see Wiki entry. Robocopy, like Rsync, has a number of options and defaults to only copying the source files to the destination if they’re newer or of different sizes.

With something like the simple batch script below, you can automate backups. You could assign this to a schedule in Windows but strangely I prefer to run it manually. I’ll only mention the options I’ve used as there are quite a few.

Syntax is Robocopy

Robocopy "c:\users\me\My Documents\source" \\server\home\me /s /xo /FFT /Z /log+:"c:\users\me\My Documents\scripts\backup.log"

/s. Copy all non empty sub directories. /e will copy all including empty ones.
/xo. Exclude copying files if the destination version is the same or newer than the source.
/Z. Resume mode, in case of network problems.
/fft. FAT File times, 2 second granularity. I read of some people having problems with source dates not being correctly calculated and the source being copied in its entirety each time. Using this switch was given as a possible resolution.

Note the quotes in the source path. Needed if you have any spaces in file / folder names.

The last line, echo, makes the internal speaker beep when done. There’s actually a character after the echo which has not been displayed here. To obtain it for a script, open a command prompt (Windows key + r, type cmd) and run the following, where ^g means pressing Ctrl+G.
Echo ^g > beep.txt

Then copy and paste the contents of beep.txt after your echo statement.

Robocopy on Wikipedia

Virtual Vinux Revisited

Last year I tried running the virtual Vinux distribution under Windows XP Home SP3. Whilst it worked with no major problems and was easy to set up, orca’s speech was rather crackly. This made it, in the end, pretty difficult to use for any length of time. Roll on several months, I’m now using Windows Seven Professional and decided to try it again.

I downloaded Vinux virtual from the Vinux project website.

It might be worth noting, the virtual edition is 3.02. This is based on Ubuntu 10.4 LTS. The standard release of Vinux is now at version 4.0, based on Ubuntu 12.04.2 LTS.

The download includes instructions for running Vinux, some batch files for assisting in the customisation and the free VMWare Player. The VMWare Player allows users to host virtual machines on their desktop. VMWare recommend at least 1GB of RAM and a 2.0 GHZ processor to host a virtual machine successfully. For the record, I’m running it on a 2.4 GHZ Intel Quadcore q6600 system with 4 GB of RAM. The host operating system is Windows Seven Professional. VMWare products are also available for Linux and mac.

In practise.

After following the installation instructions, which guide you through adding the Vinux virtual machine to VMWare Player and offer some quick start tips, you should now have an accessible version of Linux comfortably hosted within Windows. I used the default settings, giving the VM 512MB of RAM and 80GB of disk space. It performs very well although I’ve not done anything taxing with it yet. You can of course add software as you normally might within Debian derived Linux’, with apt-get for example. Switching between the VM and Windows is done through a simple keyboard short cut when the VMWare Player has focus. Various settings for the VM can be edited in a regular text editor using the .vmx file in the download.

Next I intend to install the Virtual Network Editor, which is part of the VMWare Player software although not installed automatically. The purpose being, so I can access the Vinux machine from other hosts on the network.

Users on Linux

Quick notes on adding users in Linux. As they say, check the man pages or get a good book on the subject for more detail. One such book is The Linux Cookbook by Carla Schroder, published by O’Reilly Press.

Adding new user.

To add a new user and have the system automatically generate them a home directory. Example for Sarah.
useradd -m Sarah

To include space for the GECOS data, use the comment option -c. Typically there are 5 fields. If you just want their full name listed, leave the other fields blank by adding
useradd -m -c "Sarah Johnson,,,," Sarah

Note, her login name will just be Sarah. This must be unique on the system. Once you’ve run this command, you need to set her password with:

passwd Sarah

You’re then prompted to enter and confirm the new password. There are other options with passwd. For example, -e, expire password at first login, forcing the user to choose a new one. -x, specify how long the password will be valid for, in days. -w, specify how many days before expiry the user should get a warning.

Preventing a user having shell access.

For example, if they have an account on the system just to retrieve email with a client. You need to indicate their shell access is:

As opposed to.

or whatever shell you’re generally using.

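You can use the usermod command to set this if the user already exists. The nologin binary is not in the same place on every distribution (Debian and Ubuntu install it as /usr/sbin/nologin), so adjust the path below to match your system. Example, no shell access for Derek: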
usermod -s /bin/nologin derek

If you’re adding a new user called jerry:
useradd -s /bin/nologin jerry

You can also directly edit passwd instead if you really want, however, it’s a good idea to back up files such as that before manually editing. For example.
cp /etc/passwd /etc/bk.passwd

To suspend a user’s account, let’s call them Dan, probably the best way is to use:
passwd -l Dan

To re-enable their account:
passwd -u Dan

Again, this can also be done by manually editing the passwd file. I.e. putting an “!” mark at the beginning of the password field or replacing the “x” with an “*”.
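
The lock and shell states described in this post can be read back from the account files. This added example (not from the original post) classifies each account from passwd- and shadow-format input; the entries are constructed, and it singles out accounts whose password is locked while an interactive shell remains, because passwd -l blocks only password logins.

```sh
#!/bin/sh
# Added example: classify accounts by password lock state and login shell.
# Input files use the /etc/passwd and /etc/shadow formats.

account_states() {    # usage: account_states PASSWD_FILE SHADOW_FILE
    awk -F: '
        # First file read is the shadow file: remember each password field.
        FILENAME == ARGV[1] { pw[$1] = $2; seen[$1] = 1; next }
        {
            # A shell ending in nologin or false refuses interactive logins.
            shell_ok = ($7 !~ /\/(nologin|false)$/)
            if (!($1 in seen))          state = "no-shadow-entry"
            else if (pw[$1] == "")      state = "EMPTY-PASSWORD"
            else if (pw[$1] ~ /^[!*]/)  state = shell_ok ? "locked-but-shell" : "locked"
            else                        state = shell_ok ? "active" : "no-shell"
            print $1 ":" state
        }' "$2" "$1"
}

# Constructed sample entries; the hashes are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
Sarah:x:1001:1001:Sarah Johnson,,,,:/home/Sarah:/bin/bash
derek:x:1002:1002::/home/derek:/usr/sbin/nologin
jerry:x:1003:1003::/home/jerry:/usr/sbin/nologin
Dan:x:1004:1004::/home/Dan:/bin/bash
guest:x:1005:1005::/home/guest:/bin/bash
EOF
}
sample_shadow() {
    cat <<'EOF'
Sarah:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
derek:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
jerry:!$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
Dan:!$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
sample_passwd > "$demo_dir/passwd"
sample_shadow > "$demo_dir/shadow"
account_states "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

An account reported as locked-but-shell can still be reached through other credentials such as an SSH key; the passwd man page suggests usermod --expiredate 1 to disable an account completely.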

An intro to Vinux

Vinux is an accessible Linux distribution put together by the very helpful people behind the Vinux Project.

Vinux can be run as a live boot version from CD, DVD or USB memory stick. The current version of Vinux is based off the Ubuntu Lucid Lynx LTS version, 10.4. The current Vinux version at time of writing is 3.2. Check the Vinux project website for more detail and links to downloads. One of the great things about this distro, aside from it being produced with low vision or blind users in mind and tweaked accordingly, is that it will talk you through its very installation. Without setting scripts for an unattended installation, to my knowledge there’s simply no way a blind computer user can install Windows independently. Microsoft’s very basic screen reader, Narrator, doesn’t run from the installation media, so you’re reliant on sighted help. Being able to set up Vinux from the get go is a real bonus in my opinion.

The hardware I’m currently running it on is a 6 year old Dell laptop, with 512MB RAM, 1.7 Pentium Mobile processor. By these days’ standards a puny machine. In fact, it was becoming barely useable under Windows XP and needed a fresh reinstallation. (Something frankly I couldn’t be bothered to do, even if I’d found the Dell recovery disk.) So having tested Vinux from a USB live version and become quite impressed, I decided to install.

At that time, I did this as a side by side installation with Windows. This presents the user with a Grub bootloader menu. This is not spoken of course as no operating system has loaded yet. Therefore it’s a good idea to get someone to read you the menu order and memorise the options.

Whilst I found running the USB live version pretty reliable, having installed to HD, I had various problems with losing speech and inconsistency with whether speech would start at all after boot. The screen reader itself, Orca, was loaded but no speech. Without going into describing the minimally successful adjustments, made after Googling the issue, eventually I waited until the new 3.2 version of Vinux was released earlier this year (2012.) Since then the system has been far more useable, reliable and productive.

As blind computer or technology users in general, there are always little nagging unforeseen (no pun intended) problems. Some things are resolved and improved as a technology matures. Conversely, new software can break previous access methodologies. Not exclusive issues to users of access technology of course. With that in mind, what the volunteers in the Vinux Project have done is invaluable in furthering the accessibility of computing to blind and visually impaired users.

Whilst I can’t replace Windows with Vinux at this time. (There’s simply too much software I need on that OS.) Linux and this particular distro, for its working straight out the box, are my go to system as I learn more about networking and system admin. Of course a great many people are now using Linux systems for more general applications, web surfing, document processing and so on. People previously tied to the Microsoft world have been increasingly enticed by distros such as Ubuntu and Mint. Blind people too have been using Linux in various ways for several years. Orca, the screen reader on the Gnome desktop environment, has been around a while. However, getting it all working involved having to learn to make a considerable amount of technical tweaks and problem solving. Not something any average computer user wants to do. So for a newbie like myself, Vinux, whilst by no means perfect, has really moved things on and I thank all those involved in the ongoing project for bringing this advancement.

To try Vinux out, I’d recommend booting it live off a USB stick. If in the seemingly unlikely event, your BIOS doesn’t support that but you have a reasonably powerful machine, you can run it in a virtual machine. Instructions for both can be found by going to.

NB: The link to the Virtual Edition from the front page is broken. Go to the downloads section.