Category Archives: Linux

Start a VNC server on boot on Ubuntu

As remote access to an Ubuntu Desktop machine is only possible while the user is logged into the X interface, it can be useful to start the VNC server automatically on boot. My description is based on the following article.

To set it up, follow these steps:

  1. First, install the TightVNC server. It can be installed with Synaptic, or with 
    sudo aptitude install tightvncserver
  2. Set up the VNC server for the user you wish to log in as. When you run “vncserver” for the first time, it will ask you to set a password. VNC authentication is not the strongest encryption available, so be sure to firewall your server from all but trusted machines. To launch programs or a session when your VNC session starts, modify 
    ~/.vnc/xstartup

    Here is an example of xstartup: it runs an icewm session and K3B. For Gnome, try running “gnome-session”, and for KDE, try “startkde”.

    #!/bin/sh
    
    xrdb $HOME/.Xresources
    xsetroot -solid black
    k3b &
    icewm-session &
    
  3. Copy the following into 
    /etc/init.d/vncserver

    Be sure to change the “USER” variable to whatever user you want the VNC server to run under.

    #!/bin/sh -e
    ### BEGIN INIT INFO
    # Provides:          vncserver
    # Required-Start:    networking
    # Default-Start:     3 4 5
    # Default-Stop:      0 6
    ### END INIT INFO

    PATH="$PATH:/usr/X11R6/bin/"

    # Provides log_action_begin_msg, which is used below
    . /lib/lsb/init-functions

    # The user that will run VNC
    export USER="myuser"

    # The display that VNC will use (this corresponds to the port)
    # Display 1 --> Listening on port 5901
    DISPLAY="1"

    # Color depth (between 8 and 32)
    DEPTH="16"

    # The Desktop geometry to use.
    #GEOMETRY="<WIDTH>x<HEIGHT>"
    #GEOMETRY="800x600"
    #GEOMETRY="1024x768"
    GEOMETRY="1280x1024"

    # The name that the VNC Desktop will have.
    NAME="my-vnc-server"

    OPTIONS="-name ${NAME} -depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"

    case "$1" in
    start)
        log_action_begin_msg "Starting vncserver for user '${USER}' on localhost:${DISPLAY}"
        # Run the server as the unprivileged user, not as root
        su "${USER}" -c "/usr/bin/vncserver ${OPTIONS}"
        ;;

    stop)
        log_action_begin_msg "Stopping vncserver for user '${USER}' on localhost:${DISPLAY}"
        su "${USER}" -c "/usr/bin/vncserver -kill :${DISPLAY}"
        ;;

    restart)
        "$0" stop
        "$0" start
        ;;
    esac

    exit 0
    
  4. Make the script executable with 
    sudo chmod +x /etc/init.d/vncserver

    Then, run

    sudo update-rc.d vncserver defaults

    This adds the appropriate symlinks to the vncserver script so that it is sent the start and stop commands at the appropriate time.

  5. To start the server without rebooting, run 
    sudo /etc/init.d/vncserver start
  6. Finally, connect to your server with a VNC client on port 590X, where X is the value of “DISPLAY” in the vncserver script.
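
Step 2 advises firewalling the server from all but trusted machines. As an added example (not part of the original article), the script below prints iptables rules that admit only the listed sources to the port of a given display; the function names and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that expose one VNC display only to
# trusted sources. The addresses used at the bottom are constructed samples.

# vnc_port DISPLAY -> TCP port (display N listens on 5900 + N)
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "invalid display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# vnc_firewall_rules DISPLAY SOURCE... -> one iptables command per line
vnc_firewall_rules() {
    port=$(vnc_port "$1") || return 1
    shift
    if [ "$#" -eq 0 ]; then
        echo "no trusted source given" >&2
        return 1
    fi
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    # Any other source that reaches the VNC port is dropped.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Review the output before applying it, e.g. by piping it to "sudo sh".
vnc_firewall_rules 1 192.0.2.10 198.51.100.0/24
```

The rules are appended with `-A`, so an earlier INPUT rule that already accepts the port would still win; check the existing chain with `sudo iptables -L INPUT -n --line-numbers` first.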

Preferring IPv4 over IPv6 for apt-get

As more and more hosts are moving over to IPv6, you might encounter host names that have IPv6 (AAAA) records next to their A records. That’s all fine, but sometimes networks or firewall filters are not well configured and you lose connectivity. Sadly, modern GNU/Linux systems prefer IPv6 addresses over IPv4 when presented with a choice.

As an example, the host used by apt-get update on Debian or Ubuntu resolves to both IPv4 and IPv6 addresses:

root@mybox:~# host security.debian.org
security.debian.org has address 195.20.242.89
security.debian.org has address 212.211.132.32
security.debian.org has address 212.211.132.250
security.debian.org has IPv6 address 2001:a78:5:1:216:35ff:fe7f:6ceb
security.debian.org has IPv6 address 2001:8d8:580:400:6564:a62:0:2
security.debian.org has IPv6 address 2001:a78:5:0:216:35ff:fe7f:be4f
security.debian.org mail is handled by 10 chopin.debian.org.

We could just add static IPv4 lines in /etc/hosts, but I don’t want to disable IPv6 altogether. So, how do we tell the system to prefer IPv4 addresses over IPv6?
It’s rather simple, actually: we need to have a look at getaddrinfo(3)’s configuration file, /etc/gai.conf.

Locate this line and uncomment it:

#precedence ::ffff:0:0/96  100

IPv4 is preferred now.
This works because ::ffff:0:0/96 is the special address range that helps in the transition from IPv4 to IPv6; every IPv4 address can be written as an IPv6 one using that form.
(See http://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses for more info on that one.)
With the prefix ::ffff:0:0/96, the IPv4 address 192.168.18.234/32 is written as ::ffff:192.168.18.234/128 and matches that line in gai.conf.
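
The edit described above can be scripted so that it is repeatable across machines. This is an added example, not part of the original post: `prefer_ipv4`, `demo_prefer_ipv4` and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: enable the IPv4-mapped precedence line in a gai.conf file.
# SAMPLE_GAI is a constructed excerpt, not a complete /etc/gai.conf.
SAMPLE_GAI='#precedence  ::1/128       50
#precedence  ::/0          40
#precedence ::ffff:0:0/96  10
#
#    For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96  100'

# Matches the wanted line with any spacing; "100" must end the line.
PAT='precedence[[:space:]]+::ffff:0:0/96[[:space:]]+100[[:space:]]*$'

# prefer_ipv4 FILE: uncomment the line, append it if missing, and change
# nothing when it is already active (safe to run repeatedly).
prefer_ipv4() {
    file=$1
    if grep -Eq "^[[:space:]]*$PAT" "$file"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    if grep -Eq "^#[[:space:]]*$PAT" "$file"; then
        sed -E "s,^#[[:space:]]*($PAT),\\1," "$file" > "$tmp"
    else
        { cat "$file"; echo 'precedence ::ffff:0:0/96  100'; } > "$tmp"
    fi
    # Write through the existing file so owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# demo_prefer_ipv4: run twice on the sample and print the active lines.
demo_prefer_ipv4() {
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_GAI" > "$f"
    prefer_ipv4 "$f" && prefer_ipv4 "$f"
    grep -E '^precedence' "$f"
    rm -f "$f"
}

demo_prefer_ipv4
```

On a real system, `getent ahosts security.debian.org` lists the addresses in the order getaddrinfo returns them, which shows whether the change took effect.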

NAT with iptables on Linux

I was configuring NAT on a BackTrack Linux machine with two Ethernet cards (eth1 is inside and eth0 is outside), and I would like to share the configuration I made here:

Activation of the IP Forwarding on the machine

echo 1 > /proc/sys/net/ipv4/ip_forward

Activation of the NAT with iptables

iptables -t nat --append POSTROUTING -o eth0 -j MASQUERADE

To display the NAT statistics
You need to install an additional tool to display the current stats

sudo apt-get install netstat-nat

Just type the following command to see live translations:

watch -d netstat-nat -Nn

There are some applications and sites that let you test which type of NAT implementation you have; here is an interesting one from the University of München.
And that’s it!
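
The two commands above turn on forwarding for every interface pair; which traffic is actually routed is decided by the FORWARD chain of the filter table. As an added example (not part of the original post), the script below audits an `iptables-save` dump for that: `audit_forwarding` and both sample dumps are constructed for the illustration, using the post's eth1 (inside) and eth0 (outside).

```shell
#!/bin/sh
# Added example: audit an iptables-save dump of the NAT setup above.
# Both dumps are constructed samples, not output from a real host.
NAT_ONLY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

RESTRICTED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_forwarding: reads iptables-save text on stdin and prints
#   no-nat      no MASQUERADE rule in the nat table
#   restricted  FORWARD policy is DROP, only listed flows are routed
#   open        FORWARD policy is ACCEPT and the chain has no rules
#   review      FORWARD policy is ACCEPT but rules exist; read them
audit_forwarding() {
    awk '
        /^\*/                               { table = substr($0, 2) }
        table == "nat" && /-j MASQUERADE/   { nat = 1 }
        table == "filter" && /^:FORWARD /   { policy = $2 }
        table == "filter" && /^-A FORWARD / { rules++ }
        END {
            if (!nat)                  print "no-nat"
            else if (policy == "DROP") print "restricted"
            else if (rules == 0)       print "open"
            else                       print "review"
        }'
}

printf '%s\n' "$NAT_ONLY"   | audit_forwarding   # open
printf '%s\n' "$RESTRICTED" | audit_forwarding   # restricted
```

On a live system the same check is `sudo iptables-save | audit_forwarding`.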

Conditional DNS forwarding on Linux

I was looking for a way to selectively forward a DNS request to different servers according to the requested domain name. It can be useful when you are connected through a VPN to a remote network and you are not tunneling all your traffic through that VPN.
The solution is to:
1. Install a local bind9 server on your Linux box
2. Configure it to forward according to the requested domain name

Here is a sample named.conf.local configuration:

// <domain-to-forward> is a placeholder for the domain to forward
zone "<domain-to-forward>" {
    type forward;
    forward only;
    forwarders { 8.8.8.8; };
};

and a sample named.conf.options configuration:

...
forwarders { 4.4.4.4; };
...