xcl01 (eXternal CLient 1)

LIC topology: IBM PCs

introduction

The computer xcl01 pretends to be the Internet. This is connected to the internet firewalls so I can test them by thrashing the nuts off them. Things specific to this host are listed below. The list is grouped by infrastructure layer.

Every host name in the LIC has five characters like this one.

Figure: LIC topology: build the PC xcl01 (the home network to the LIC cables). Labels: eth0 (DHCP), eth1 (200.0.0.2), eth2 (200.0.0.33), eth3 (200.0.0.65), bond0 (200.0.0.1).

hardware

I buy PC things. Specifically, a Dell OptiPlex GX260. Wikipedia (http://en.wikipedia.org/wiki/Dell_OptiPlex) has this summary.

  • Model: GX260
  • Chipset: Intel 845G
  • CPU: Pentium 4 or Celeron
  • FSB: 400/533 MHz
  • RAM type: DDR 200/266
  • RAM speed: PC2700
  • Chassis: SFF, SD, SMT
  • Comments: PATA only, no SATA; Socket 478
  • USB: USB 2.0 x6

xcl01:~# lshw
xcl01
    description: Mini Tower Computer
    product: OptiPlex GX260
    vendor: Dell Computer Corporation
    serial: DCT5H0J
    width: 32 bits
    capabilities: smbios-2.3 dmi-2.3 smp-1.4 smp
    configuration: administrator_password=enabled boot=normal chassis=mini-tower cpus=1 power-on_password=enabled uuid=44454C4C-4300-1054-8035-C4C04F48304A
  *-core
       description: Motherboard
       vendor: Dell Computer Corp.
       physical id: 0
       serial: ..              .
     *-firmware
          description: BIOS
          vendor: Dell Computer Corporation
          physical id: 0
          version: A09 (11/01/2004)
          size: 64KiB
          capacity: 448KiB
          capabilities: isa pci pnp apm upgrade shadowing escd cdboot bootselect edd int13floppytoshiba int5printscreen int9keyboard int14serial int17printer acpi usb agp ls120boot biosbootspecification netboot
     *-cpu
          description: CPU
          product: Intel(R) Pentium(R) 4 CPU 1.80GHz
          vendor: Intel Corp.
          physical id: 400
          bus info: cpu@0
          version: 15.2.4
          slot: Microprocessor
          size: 1800MHz
          capacity: 3060MHz
          width: 32 bits
          clock: 400MHz
          capabilities: boot fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm up pebs bts
          configuration: id=0
        *-cache:0
             description: L1 cache
             physical id: 700
             size: 8KiB
             capacity: 16KiB
             capabilities: internal write-back data
        *-cache:1
             description: L2 cache
             physical id: 701
             size: 512KiB
             capacity: 512KiB
             capabilities: internal varies unified
     *-memory
          description: System Memory
          physical id: 1000
          slot: System board or motherboard
          size: 1GiB
          capacity: 1GiB
        *-bank:0
             description: DIMM SDRAM Synchronous 266 MHz (3.8 ns)
             physical id: 0
             slot: DIMM_A
             size: 1GiB
             width: 64 bits
             clock: 266MHz (3.8ns)
        *-bank:1
             description: DIMM SDRAM Synchronous 266 MHz (3.8 ns) [empty]
             physical id: 1
             slot: DIMM_B
             width: 64 bits
             clock: 266MHz (3.8ns)
     *-pci
          description: Host bridge
          product: 82845G/GL[Brookdale-G]/GE/PE DRAM Controller/Host-Hub Interface
          vendor: Intel Corporation
          physical id: 100
          bus info: pci@0000:00:00.0
          version: 01
          width: 32 bits
          clock: 33MHz
          configuration: driver=agpgart-intel
          resources: irq:0 memory:f0000000-f7ffffff(prefetchable)
        *-display
             description: VGA compatible controller
             product: 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device
             vendor: Intel Corporation
             physical id: 2
             bus info: pci@0000:00:02.0
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: pm vga_controller bus_master cap_list rom
             configuration: driver=i915 latency=0
             resources: irq:16 memory:e8000000-efffffff(prefetchable) memory:ff680000-ff6fffff
        *-usb:0
             description: USB Controller
             product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1
             vendor: Intel Corporation
             physical id: 1d
             bus info: pci@0000:00:1d.0
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: uhci bus_master
             configuration: driver=uhci_hcd latency=0
             resources: irq:16 ioport:ff80(size=32)
        *-usb:1
             description: USB Controller
             product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2
             vendor: Intel Corporation
             physical id: 1d.1
             bus info: pci@0000:00:1d.1
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: uhci bus_master
             configuration: driver=uhci_hcd latency=0
             resources: irq:19 ioport:ff60(size=32)
        *-usb:2
             description: USB Controller
             product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3
             vendor: Intel Corporation
             physical id: 1d.2
             bus info: pci@0000:00:1d.2
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: uhci bus_master
             configuration: driver=uhci_hcd latency=0
             resources: irq:18 ioport:ff40(size=32)
        *-usb:3
             description: USB Controller
             product: 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller
             vendor: Intel Corporation
             physical id: 1d.7
             bus info: pci@0000:00:1d.7
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: pm debug ehci bus_master cap_list
             configuration: driver=ehci_hcd latency=0
             resources: irq:23 memory:ffa00800-ffa00bff
        *-pci
             description: PCI bridge
             product: 82801 PCI Bridge
             vendor: Intel Corporation
             physical id: 1e
             bus info: pci@0000:00:1e.0
             version: 81
             width: 32 bits
             clock: 33MHz
             capabilities: pci normal_decode bus_master
             resources: ioport:e000(size=4096) memory:ff800000-ff9fffff memory:40000000-400fffff(prefetchable)
           *-network:0
                description: Ethernet interface
                product: RTL-8169 Gigabit Ethernet
                vendor: Realtek Semiconductor Co., Ltd.
                physical id: 8
                bus info: pci@0000:01:08.0
                logical name: eth1
                version: 10
                serial: 00:e0:4c:b4:33:b8
                size: 10MB/s
                capacity: 1GB/s
                width: 32 bits
                clock: 66MHz
                capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII slave=yes speed=10MB/s
                resources: irq:17 ioport:ec00(size=256) memory:ff8ffc00-ff8ffcff memory:40000000-4001ffff(prefetchable)
           *-network:1
                description: Ethernet interface
                product: RTL-8169 Gigabit Ethernet
                vendor: Realtek Semiconductor Co., Ltd.
                physical id: 9
                bus info: pci@0000:01:09.0
                logical name: eth2
                version: 10
                serial: 00:e0:4c:b4:33:b8
                size: 10MB/s
                capacity: 1GB/s
                width: 32 bits
                clock: 66MHz
                capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII slave=yes speed=10MB/s
                resources: irq:18 ioport:e800(size=256) memory:ff8ff800-ff8ff8ff memory:40020000-4003ffff(prefetchable)
           *-network:2
                description: Ethernet interface
                product: RTL-8169 Gigabit Ethernet
                vendor: Realtek Semiconductor Co., Ltd.
                physical id: a
                bus info: pci@0000:01:0a.0
                logical name: eth3
                version: 10
                serial: 00:e0:4c:89:33:0c
                size: 10MB/s
                capacity: 1GB/s
                width: 32 bits
                clock: 66MHz
                capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half ip=200.0.0.65 latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII speed=10MB/s
                resources: irq:19 ioport:e400(size=256) memory:ff8ff400-ff8ff4ff memory:40040000-4005ffff(prefetchable)
           *-network:3
                description: Ethernet interface
                product: 82540EM Gigabit Ethernet Controller
                vendor: Intel Corporation
                physical id: c
                bus info: pci@0000:01:0c.0
                logical name: eth0
                version: 02
                serial: 00:08:74:0f:0a:5e
                size: 1GB/s
                capacity: 1GB/s
                width: 32 bits
                clock: 66MHz
                capabilities: pm pcix msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k5-NAPI duplex=full firmware=N/A ip=10.0.1.10 latency=64 link=yes mingnt=255 multicast=yes port=twisted pair speed=1GB/s
                resources: irq:18 memory:ff8c0000-ff8dffff ioport:e0c0(size=64)
        *-isa
             description: ISA bridge
             product: 82801DB/DBL (ICH4/ICH4-L) LPC Interface Bridge
             vendor: Intel Corporation
             physical id: 1f
             bus info: pci@0000:00:1f.0
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: isa bus_master
             configuration: latency=0
        *-ide
             description: IDE interface
             product: 82801DB (ICH4) IDE Controller
             vendor: Intel Corporation
             physical id: 1f.1
             bus info: pci@0000:00:1f.1
             logical name: scsi0
             logical name: scsi1
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: ide bus_master emulated
             configuration: driver=ata_piix latency=0
             resources: irq:18 ioport:1f0(size=8) ioport:3f6 ioport:170(size=8) ioport:376 ioport:ffa0(size=16) memory:40100000-401003ff
           *-disk
                description: ATA Disk
                product: MAXTOR 6L020J1
                vendor: Maxtor
                physical id: 0
                bus info: scsi@0:0.0.0
                logical name: /dev/sda
                version: A93.
                serial: 661219820625
                size: 19GiB (20GB)
                capabilities: partitioned partitioned:dos
                configuration: ansiversion=5 signature=fb51107f
              *-volume:0
                   description: EXT3 volume
                   vendor: Linux
                   physical id: 1
                   bus info: scsi@0:0.0.0,1
                   logical name: /dev/sda1
                   logical name: /
                   version: 1.0
                   serial: d5980325-7d67-43eb-9624-71a6f0f6e8be
                   size: 18GiB
                   capacity: 18GiB
                   capabilities: primary bootable journaled extended_attributes large_files ext3 ext2 initialized
                   configuration: created=2010-02-27 12:14:44 filesystem=ext3 modified=2011-03-07 21:36:19 mount.fstype=ext3 mount.options=rw,relatime,errors=remount-ro,data=ordered mounted=2011-03-08 08:43:49 state=mounted
              *-volume:1
                   description: Extended partition
                   physical id: 2
                   bus info: scsi@0:0.0.0,2
                   logical name: /dev/sda2
                   size: 729MiB
                   capacity: 729MiB
                   capabilities: primary extended partitioned partitioned:extended
                 *-logicalvolume
                      description: Linux swap / Solaris partition
                      physical id: 5
                      logical name: /dev/sda5
                      capacity: 729MiB
                      capabilities: nofs
           *-cdrom
                description: SCSI CD-ROM
                physical id: 1
                bus info: scsi@1:0.0.0
                logical name: /dev/cdrom
                logical name: /dev/scd0
                logical name: /dev/sr0
                capabilities: audio
                configuration: status=nodisc
        *-serial
             description: SMBus
             product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller
             vendor: Intel Corporation
             physical id: 1f.3
             bus info: pci@0000:00:1f.3
             version: 01
             width: 32 bits
             clock: 33MHz
             configuration: driver=i801_smbus latency=0
             resources: irq:17 ioport:dc80(size=32)
        *-multimedia
             description: Multimedia audio controller
             product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller
             vendor: Intel Corporation
             physical id: 1f.5
             bus info: pci@0000:00:1f.5
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: pm bus_master cap_list
             configuration: driver=Intel ICH latency=0
             resources: irq:17 ioport:d800(size=256) ioport:dc40(size=64) memory:ffa00400-ffa005ff memory:ffa00000-ffa000ff
  *-network
       description: Ethernet interface
       physical id: 1
       logical name: bond0
       serial: 00:e0:4c:b4:33:b8
       capabilities: ethernet physical
       configuration: broadcast=yes driver=bonding driverversion=3.5.0 firmware=2 ip=200.0.0.1 link=yes master=yes multicast=yes
xcl01:~#

network cables

I buy ethernet things.

Four network cables connect xcl01 to the networks. Three different cables lead from xcl01 to the LIC (Larg's Internet Cluster), providing HA and traffic separation.

Different network cable colours show which one is which.

network interfaces

I buy ethernet things and add NICs (Network Interface Cards) to xcl01.

LIC table: xcl01 network interfaces

computer  interface  description   IP address   netmask
xcl01     eth0       home network  192.168.x.x  255.255.255.0
xcl01     eth1       biz01 spine   200.0.0.2    255.255.255.224
xcl01     eth2       biz02 spine   200.0.0.33   255.255.255.224
xcl01     eth3       adm01 spine   200.0.0.65   255.255.255.224

OS

All the IBM PCs (Personal Computers) in the LIC (Larg's Internet Cluster) run the Debian distribution.

applications

Almost all the applications in the LIC (Larg's Internet Cluster) are from the Debian distribution.

packages

I want to remove Gnome NetworkManager on xcl01.

apt-get remove network-manager

I install packages to make testing easier.

apt-get install tcpdump lynx screen

I install packages to provide services.

apt-get install bind9 ifenslave nut ntp openssh-server

/etc/network/interfaces

I add static IP addresses to xcl01.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
#
# home network
# see http://cluster.planetlarg.com/car-size-cluster-build/prepare-internet-computer/build-home-data-network
#
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
#
# biz01 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-biz01-ip-addresses-1921680021
#
auto eth1
iface eth1 inet static
    address 200.0.0.2
    netmask 255.255.255.224
#
# biz02 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-biz02-19216840021
#
auto eth2
iface eth2 inet static
    address 200.0.0.33
    netmask 255.255.255.224
#
# adm01 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-adm01-19216880021
#
auto eth3
iface eth3 inet static
    address 200.0.0.65
    netmask 255.255.255.224
#
# bonded interface for biz traffic
# For all addresses below here that look like 200.0.x.x, see
# http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/nat-ip-addresses-20000x
#
auto bond0
iface bond0 inet static
    pre-up  modprobe bonding
#    hwaddress ether 00:e0:4c:a9:34:42
    address 200.0.0.1
    netmask 255.255.255.192
    up      ifenslave    bond0 eth1 eth2
    down    ifenslave -d bond0 eth1 eth2
#
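
The netmasks in the file above decide which spines bond0 can reach directly. The following is an added example, not part of the original page: it parses the static stanzas and reports which connected networks overlap and which bond slaves also carry their own address. The parser and its function names are illustrative and only handle the keywords used in this file.

```python
import ipaddress

# Constructed sample: the stanzas of the /etc/network/interfaces file
# shown above, with the comment lines and loopback trimmed.
INTERFACES = """\
allow-hotplug eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
    address 200.0.0.2
    netmask 255.255.255.224
auto eth2
iface eth2 inet static
    address 200.0.0.33
    netmask 255.255.255.224
auto eth3
iface eth3 inet static
    address 200.0.0.65
    netmask 255.255.255.224
auto bond0
iface bond0 inet static
    pre-up  modprobe bonding
    address 200.0.0.1
    netmask 255.255.255.192
    up      ifenslave    bond0 eth1 eth2
    down    ifenslave -d bond0 eth1 eth2
"""


def parse_static(text):
    """Return {iface: {"address", "netmask", "slaves"}} for 'inet static' stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface":
            current = None
            if words[2:4] == ["inet", "static"]:
                current = stanzas.setdefault(
                    words[1], {"address": None, "netmask": None, "slaves": []})
        elif words[0] in ("auto", "allow-hotplug"):
            current = None
        elif current is not None:
            if words[0] in ("address", "netmask"):
                current[words[0]] = words[1]
            elif words[:2] == ["up", "ifenslave"]:
                # "up ifenslave bond0 eth1 eth2": slaves follow the bond name
                current["slaves"] = words[3:]
    return stanzas


def networks(stanzas):
    """Map each static interface to the network its address/netmask implies."""
    return {name: ipaddress.ip_interface(f"{s['address']}/{s['netmask']}").network
            for name, s in stanzas.items() if s["address"] and s["netmask"]}


def overlapping(nets):
    """Pairs of interfaces whose connected networks share addresses."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def addressed_slaves(stanzas):
    """Bond slaves that also have a static address of their own."""
    return {bond: [s for s in st["slaves"] if s in stanzas and stanzas[s]["address"]]
            for bond, st in stanzas.items() if st["slaves"]}


STANZAS = parse_static(INTERFACES)
NETS = networks(STANZAS)

if __name__ == "__main__":
    for name in sorted(NETS):
        print(f"{name:6} {NETS[name]}  ({NETS[name].num_addresses} addresses)")
    for a, b in overlapping(NETS):
        print(f"overlap: {a} {NETS[a]} and {b} {NETS[b]}")
    for bond, slaves in addressed_slaves(STANZAS).items():
        print(f"{bond} enslaves {slaves}, which also have their own address")
```

bond0's /26 is exactly the two biz /27 networks joined together, and the adm01 spine on eth3 sits outside it. The lshw output earlier on the page shows eth1 and eth2 running as slaves with no IP address of their own.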

/etc/udev/rules.d/70-persistent-net.rules

I match interfaces with labels on xcl01.

# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
#---------#---------#---------#---------#---------#---------#---------#-
# idc@planetlarg.net sep 2010
#
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:08:74:0f:0a:5e", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x1229 (e100)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:8b:ae:fb:e1", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

# PCI device 0x10b7:0x9200 (3c59x)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:75:fb:69:b6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

# PCI device 0x10b7:0x9200 (3c59x)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:75:e9:47:55", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
#---------#---------#---------#---------#---------#---------#---------#-

/etc/resolv.conf

I add DNS to xcl01.

domain planetlarg.com
search planetlarg.com
nameserver 200.0.0.1

/etc/hosts

127.0.0.1       localhost
127.0.1.1       xcl01.planetlarg.com    xcl01

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
#
200.0.0.4  lic-ifw01
200.0.0.35 lic-ifw02
200.0.0.66 lic-ifw03
#
200.0.0.10 web01.planetlarg.com

/etc/iptables.up.rules

I turn xcl01 into an Internet gateway then make the iptables rules permanent.

# Generated by iptables-save v1.4.2 on Tue Oct 12 17:28:02 2010
*filter
:INPUT DROP [152:14831]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [88144:38078600]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! eth0 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1494 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 25,11,143,80,465,995,993,443 -j ACCEPT
-A FORWARD -i bond0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o bond0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth3 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Oct 12 17:28:02 2010
# Generated by iptables-save v1.4.2 on Tue Oct 12 17:28:02 2010
*nat
:PREROUTING ACCEPT [1250:97976]
:POSTROUTING ACCEPT [371:24890]
:OUTPUT ACCEPT [1239:85318]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.2
COMMIT
# Completed on Tue Oct 12 17:28:02 2010
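
To see what the INPUT chain above exposes on each interface, the rules can be walked in order the way netfilter does: first match wins, then the chain policy. The following is an added example, not part of the original page; it models only new TCP connections and only the options that appear in this rules file, and its function names are illustrative.

```python
# Constructed sample: the *filter INPUT section of the iptables-save output
# shown above (the FORWARD rules and the *nat table are left out).
RULES = """\
*filter
:INPUT DROP [152:14831]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [88144:38078600]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! eth0 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1494 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 25,11,143,80,465,995,993,443 -j ACCEPT
COMMIT
"""

OPTIONS = {"-i": "in", "-p": "proto", "-j": "target",
           "--state": "states", "--dport": "dports", "--dports": "dports"}


def parse_rule(tokens):
    """Turn one '-A CHAIN ...' line into a dict of match conditions."""
    rule, negate, it = {"chain": tokens[1], "negated": set()}, False, iter(tokens[2:])
    for tok in it:
        if tok == "!":                      # newer style: ! -i eth0
            negate = True
            continue
        if tok == "-m":                     # module name only, no condition
            next(it)
            continue
        key = OPTIONS[tok]                  # KeyError on an unsupported option
        val = next(it)
        if val == "!":                      # iptables 1.4.2 style: -i ! eth0
            negate, val = True, next(it)
        if key == "states":
            val = set(val.split(","))
        elif key == "dports":
            val = {int(p) for p in val.split(",")}
        rule[key] = val
        if negate:
            rule["negated"].add(key)
        negate = False
    return rule


def parse_filter(text):
    """Return (policies, rules) from the *filter table of iptables-save output."""
    policies, rules, in_filter = {}, [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A "):
            rules.append(parse_rule(line.split()))
    return policies, rules


def matches(rule, iface, port, state="NEW", proto="tcp"):
    """True if every condition in the rule (honouring '!') fits the packet."""
    checks = {"in": lambda v: v == iface, "proto": lambda v: v == proto,
              "states": lambda v: state in v, "dports": lambda v: port in v}
    for key, test in checks.items():
        if key in rule and test(rule[key]) == (key in rule["negated"]):
            return False
    return True


POLICIES, PARSED = parse_filter(RULES)


def input_verdict(iface, port, state="NEW"):
    """First matching INPUT rule wins; otherwise the chain policy applies."""
    for rule in PARSED:
        if rule["chain"] == "INPUT" and matches(rule, iface, port, state):
            return rule["target"]
    return POLICIES["INPUT"]


def open_tcp_ports(iface):
    """TCP ports on which a new connection arriving on iface is accepted."""
    return [p for p in range(1, 65536) if input_verdict(iface, p) == "ACCEPT"]


if __name__ == "__main__":
    print("eth0 :", open_tcp_ports("eth0"))
    print("bond0:", len(open_tcp_ports("bond0")), "ports accepted")
```

On eth0 only the listed ports are accepted, while every LIC-facing interface accepts any new connection through the `-i ! eth0` rule. The eth0 list includes port 11 and not 110 (POP3), which is worth a second look given the other mail ports in the multiport rule.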

/etc/network/if-pre-up.d/iptables

This script is used to make the iptables rules permanent.

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

/etc/apt/sources.list

The non-free folder is where I get firmware for my ethernet cards.

#
# upgrade
# see http://www.debian.org/releases/squeeze/i386/release-notes/ch-upgrading.en.html#upgrade-process
#
deb     http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free
#
deb     http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
#

/etc/apt/apt.conf.d/10periodic

I add unattended updates to xcl01.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";

/etc/bind/named.conf.options

...
    forwarders {
        192.168.1.1;
    };
...

/etc/nut/ups.conf

I add the NUT (Network UPS Tools) application to xcl01.

...
# my config
[xcl01]
        driver = apcsmart
        port = /dev/ttyS0
        desc = "my server"
#

/etc/nut/upsd.conf

I add the NUT (Network UPS Tools) application to xcl01.

...
#
# my configuration
#
#
LISTEN 127.0.0.1 3493
#

/etc/nut/upsd.users

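I add the NUT (Network UPS Tools) application to xcl01. This file stores the upsd passwords in plain text, so it should be readable only by root and the account upsd runs as.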

...
#
# my configuration
#
[admin]
        password = mypass
        actions  = SET
        instcmds = ALL

#
[monmaster]
        password = Pa55w0rd
        upsmon master
#
[monuser]
        password = Pa55w0rd2
        upsmon slave
#

/etc/nut/upsmon.conf

I add the NUT (Network UPS Tools) application to xcl01.

...
#
# my configuration
#
MONITOR xcl01@localhost 1 monmaster Pa55w0rd master
#
...

/etc/apache2/sites-available/test.planetlarg.com

I proxy from xcl01.

<VirtualHost *:80>
# All the sites on xcl01
# config will be...
# http://test.planetlarg.com/
#    drupal
#    everything is sent to drupal, unless explicitly described below.
# http://test.planetlarg.com/mediawiki/
#    mediawiki
# http://test.planetlarg.com/phpmyadmin/
#    PHPmyAdmin
# http://test.planetlarg.com/doc/
#    A list of all directories in /usr/share/doc/
#
#---------#---------#---------#---------#---------#---------#---------#-
# bog standard
#
# server
    ServerAdmin  idc@planetlarg.net
    ServerName   test.planetlarg.com
    ServerAlias  waf.planetlarg.com
#
# logs
#
        ErrorLog /var/log/apache2/error.test.planetlarg.com.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        #
        CustomLog /var/log/apache2/access.test.planetlarg.com.log combined
#
# hack to get drupal working
# keeps looking for /var/www/usr/share/drupal6/index.php
#
    #DocumentRoot /var/www/
    DocumentRoot    /usr/share/drupal6
        <Directory />
                        Options FollowSymLinks
                        AllowOverride None
        </Directory>
#
#---------#---------#---------#---------#---------#---------#---------#-
# content on this host
#
# an ordinary docroot
#
        <Directory /var/www/>
                        Options Indexes FollowSymLinks MultiViews
                        AllowOverride None
                        Order allow,deny
                        allow from all
        </Directory>
#
# a CGI directory
#
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                        AllowOverride None
                        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                        Order allow,deny
                        Allow from all
        </Directory>
#
# application info
#
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128 10.0.0.0/8
    </Directory>
#
#
# mediawiki
#
# copied from /etc/apache2/conf.d/mediawiki.conf
#
    Alias /mediawiki /var/lib/mediawiki

    <Directory /var/lib/mediawiki/>
            Options +FollowSymLinks
            AllowOverride All
            order allow,deny
            allow from all
    </Directory>

    # some directories must be protected
    <Directory /var/lib/mediawiki/config>
            Options -FollowSymLinks
            AllowOverride None
    </Directory>
    <Directory /var/lib/mediawiki/upload>
            Options -FollowSymLinks
            AllowOverride None
    </Directory>
#
# phpmyadmin
#
# see /etc/apache2/conf.d/phpmyadmin.conf
#
# drupal
#
# based on /etc/apache2/conf.d/drupal6.conf
#
    Alias           /drupal6 /usr/share/drupal6
    #
    <Directory      /usr/share/drupal6/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        order allow,deny
        allow from all
#
# drupal clean URLs
        RewriteEngine on
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_URI} ^/(.*)$
        RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]
    </Directory>
#
#---------#---------#---------#---------#---------#---------#---------#-
#
</VirtualHost>

/etc/apache2/sites-available/admin.planetlarg.com

I proxy from xcl01.

# proxy to ifw03 and to the Y-cam IP camera.
#
#---------#---------#---------#---------#---------#---------#---------#-
# description
# Requests and replies are sent back and forth like this.
#
# client --(request)-------> proxy --(edited request)--> web server
# upstream                                   downstream
# client <--(edited reply)-- proxy <-----------(reply)-- web server
#
# URLs for clients include:
# http://admin.planetlarg.com/acng/acng-report.html - LIC apt-cacher NG
#                                        software updates
# http://admin.planetlarg.com/nagios3/ - LIC alerts
# http://admin.planetlarg.com/cacti/   - LIC monitoring
# http://admin.planetlarg.com/cam/     - security camera
#
# Each request and reply is made up of HTTP headers and an HTML body.
# Both must be edited.
# The web server responses are littered with private IP addresses,
# redirects missing the path, and other stuff that will make client
# requests fail.
#
# Two modules sort this out.
#
# module: mod_proxy_http
# description: rewrites request and reply headers.
# instructions: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
#
# module: mod_proxy_html
# description: rewrites the reply body.
# instructions: http://www.apachetutor.org/admin/reverseproxies
# I run Debian Squeeze, which uses mod_proxy_html version 3.0.
# Current version is 3.1, released April 2009.
#
# this config cost me a LONG TIME.
# I tried location, proxy, env vars, all sorts.
# Yesterday I was waving chicken bones at the server, begging it to work.
#
#---------#---------#---------#---------#---------#---------#---------#-
# mod_proxy_html
# global directives
#
# fix a possible windows charset problem
# I used to see this years ago but not any more.
    ProxyHTMLCharsetAlias ISO-8859-1 Windows-1252
#
# mod_proxy_html won't do squat without this line.
    SetOutputFilter       proxy-html
#
# one of the pages has this oldskool meta tag
#   <meta http-equiv="refresh" content="0; URL=/form/default">
# change to
#   <meta http-equiv="refresh" content="0; URL=/cam/form/default">
# update it using an extended match.
# See an explanatory post from the main man Nick Kew at
# http://www.gossamer-threads.com/lists/apache/users/307238
#
    ProxyHTMLExtended On
    ProxyHTMLEvents   content
#
#
<VirtualHost *:80>
#
#---------#---------#---------#---------#---------#---------#---------#-
# directives for a bog standard name-based virtual server
#
# server
    ServerAdmin  idc@planetlarg.net
    ServerName   admin.planetlarg.com
# logs
    ErrorLog /var/log/apache2/admin.planetlarg.com-error.log
    LogLevel info
    # In case of fire, smash hash.
    #LogLevel debug
    CustomLog /var/log/apache2/admin.planetlarg.com-access.log combined
# content
    # this never gets used, but apache will not proxy without it.
    DocumentRoot /var/www/
# mod_proxy_http
    # The web servers downstream need this to identify which
    # name-based virtual server to send a request to.
    ProxyPreserveHost On
#
#---------#---------#---------#---------#---------#---------#---------#-
# proxy to Y-cam IP camera
#
# mod_proxy_http
    # Rewrite headers
    # The ProxyPreserveHost directive above
    # means that redirect headers will look like this
    #    Location: http://admin.planetlarg.com/default.asp
    # instead of
    #    Location: http://10.0.1.11/default.asp
    # 10.0.1.11 is the IP address of the Y-cam camera.
    #
    # The path on the end
    #    /default.asp
    # won't work for clients. It should be
    #    /cam/default.asp
    # It is changed by ProxyPassReverse to
    #    Location: http://admin.planetlarg.com/cam/default.asp
    #
    # redirect requests to a downstream server
    #ProxyPass        /cam/  http://admin.planetlarg.com/
    ProxyPass        /cam/  http://10.0.1.11/
    # Edit replies to upstream clients
    ProxyPassReverse /cam/  http://admin.planetlarg.com/
    #ProxyPassReverse /cam/  http://10.0.1.11/
    #
# mod_proxy_html
    # Rewrite the body
    #
    # Add a little more info in the ErrorLog (see above)
    ProxyHTMLLogVerbose On
    #
    # I saw this in a meta tag.
    # This works in combination with ProxyHTMLExtended.
    # See the mod_proxy_html global directives above.
    # I had a little trouble with multiple replacements,
    # so I stuck L on the end of each of these.
    # See http://apache.webthing.com/mod_proxy_html30/
    ProxyHTMLURLMap     /form/ /cam/form/ L
    # This was in an href value.
    ProxyHTMLURLMap     http://10.0.1.11/ /cam/ L
    # This was also in an href.
    ProxyHTMLURLMap     http://admin.planetlarg.com/ /cam/ L
#
#---------#---------#---------#---------#---------#---------#---------#-
# proxy to ifw03
#
# mod_proxy_http
#
# first the special cases
    <Proxy /acng>
        ProxyPass         http://200.0.0.66:3142
        ProxyPassReverse  http://200.0.0.66:3142
    </Proxy>
#
# then everything else
    ProxyPreserveHost On
    ProxyPass        / http://200.0.0.66/
    ProxyPassReverse / http://200.0.0.66/
#
# and no security
    <Proxy *>
        Order  deny,allow
        Allow  from all
    </Proxy>
#
#---------#---------#---------#---------#---------#---------#---------#-
#
</VirtualHost>

/etc/apache2/sites-available/web01.planetlarg.com

I proxy from xcl01.

# description
# Requests and replies are sent back and forth like this.
#
# client --(request)-------> proxy --(edited request)--> web server
# upstream                                   downstream
# client <--(edited reply)-- proxy <-----------(reply)-- web server
#
# URLs for clients include:
# http://web01.planetlarg.com/infrastructure/host1 - contains the 
#                                        host name
#
# Each request and reply is made up of HTTP headers and an HTML body.
# I am not editing the HTML here. 
#
#
#---------#---------#---------#---------#---------#---------#---------#-
# directives for a bog standard name-based virtual server
#
<VirtualHost *:80>
#
# server
    ServerAdmin  nick@planetlarg.net
    ServerName   web01.planetlarg.com
# logs
    ErrorLog /var/log/apache2/web01.planetlarg.com-error.log
    LogLevel info
    # In case of fire, smash hash.
    #LogLevel debug
    CustomLog /var/log/apache2/web01.planetlarg.com-access.log combined
# content
    # this never gets used, but apache will not proxy without it.
    DocumentRoot /var/www/
# mod_proxy_http
    # The web servers downstream need this to identify which
    # name-based virtual server to send a request to.
    ProxyPreserveHost On
#
#---------#---------#---------#---------#---------#---------#---------#-
# proxy to the web server hosts ics01, ics02 and ics03
#
# mod_proxy_http
#
    ProxyPass        / http://200.0.0.10/
    ProxyPassReverse / http://200.0.0.10/
#
# and no security
    <Proxy *>
        Order  deny,allow
        Allow  from all
    </Proxy>
#
#
#---------#---------#---------#---------#---------#---------#---------#-
</VirtualHost>

/var/spool/cron/crontabs/root

I stop the LIC each night.

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.0BUEfI/crontab installed on Fri Dec 17 01:37:53 2010)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# m h  dom mon dow   command
55 23 * * * /sbin/poweroff