Tag Archives: webmin

Virtualmin custom dynip

Virtualmin has this nice feature where you can enable dynamic host and virtualhost updates so when your ip changes virtualmin updates the ips in the virtualhosts definitions. Without this feature your sites would not work anymore if your ip changes and you would have to update the ips manually.

The problem with this feature is that it only supports the DynDNS service and not everyone is using this service to update their host when their ip changes.

I'm using my own dynamic dns service and the good news is that this service is using the same protocol as DynDNS so virtualmin needs little change in order to support it.

All I had to do was add a way of specifying the hostname and port of the dynip update server.

Here's the patch for virtualmin ( tested with 3.75 and 3.76 ) :

Virtualmin custom DynIP patch-1.0 (3.74 KB)

Webmin 1.480: Bulk add ip addresses

A few months ago I published a patch for webmin that would allow you to easily add a lot of ip addresses to an interface in webmin. At that time I mentioned that the patch could only be applied on webmin 1.410.

Now I needed this patch again but this time on webmin 1.480 so I adapted it to work with the new version.

For usage instructions please see the original post

You can download the new version here: webmin bulk add net aliases-1.480 (4.13 KB)

Notes

This only works for interfaces activated at boot. The code could easily be copied to work with the other interfaces too but I didn't see a use for that.

After you add the ip addresses ( aliases ) you have to go to the list of interfaces, select the newly added interfaces and click the "Apply selected interfaces" button if you want the new aliases to be activated without having to reboot.

Webmin Bulk Add Ip Addresses

Problem

you want to add multiple ips ( aliases ) to a network interface using webmin's Net module. Adding them one by one is a slow process.

Solution

Modify webmin's Net module to allow you to copy/paste ip addresses in a textbox ( one per line ) and then click once and wait for it to do it's job.

Here's the patch for webmin 1.410, I know it's an old version but it should be easy to adapt for newer versions, let me know if you need any help.

Install

Download:  webmin bulk add net aliases-1.410 (5.26 KB)

Apply patch:

  1. cd webmin/net #or wherever webmin is
  2. patch -p1 < webmin-net-bulk-aliases.patch

Usage

Log into webmin as root/admin , go to network configuration, click on  an interface in the interfaces section, click the "Add virtual interface" link and now you should see a text box where you can just insert each ip on a new line. then just click the "Create" button

Webmin pptp user synchronization

Webmin has this great feature that it can add users in several modules when a system user is added ( of course only when added from webmin ).

This feature can really be useful if you want for example to automatically add a system user to samba, mysql or other modules.

In order for this to work each modules that wants such a synchronization had to implement some standard functions and put them in a special file inside their module directory. Then when a system user is added, removed or updated the Useradmin module will look for a file named useradmin_update.pl in all modules installed in webmin. When it finds the file it will execute a function in the useradmin_update.pl corresponding to the action in useradmin module.

The pptp-server is a webmin module that is used for administrating a Point to Point Tunneling Protocol server , an easy way for creating VPNs to be used by windows or Linux machines. What I wanted was that when I added a system user webmin would also create a samba user and a pptp user so that the user could access the files over ftp or samba but over a more secure link so I wrote an useradmin_update.pl script for pptp

How to set it up?

get the script: useradmin_update.pl and place it into you pptp-server module folder on gentoo this is /usr/libexec/webmin/pptp-server a simple locate pptp-server should show you where it is.

Make sure you chmod 755 useradmin_update.pl

add the following lines to config.info in pptp-server :

sync_add=Add a pptp vpn server user when a Unix user is added,1,1-Yes,0-No
sync_change=Change the pptp vpn server user when a Unix user is changed,1,1-Yes,0-No
sync_delete=Delete the pptp vpn server user when a Unix user is deleted,1,1-Yes,0-No

remove the module.infos.cache file ( usually /etc/webmin/module.infos.cache ) and then restart webmin.
Now login to webmin as admin or root and go to Networking -> PPTP VPN Server -> Module config and check those 3 sync options .

To test it add a user using the webmin-> System -> Users and Groups admin then go to Webmin -> Networking -> PPTP VPN Server -> PPP Accounts and you should see the user there.

How to set up an anonymous proxy on debian

This document describes the steps required to install squid proxy server from http://squid-cache.org and webmin from http://webmin.com on a debian 4.0 system as well as basic steps required to configure squid to listen on multiple ip addresses and use them as outgoing source address for connections. This will also show you how to configure squid from webmin to accept connections only from predefined clients based on the client's ip address.

For the steps presented below root access over ssh on the server or physical ( console ) access will be required.

Squid installation

Installing squid on a debian system is straight forward. The administrator must be logged in as root and just type: apt-get install squid. This will install squid along with all required dependencies (it may ask for the user permission to install, in that case just approve ).

Webmin installation

download the webmin .deb package from http://webmin.com/download.html and upload it on your server, then type: dpkg -i webmin_1.xyz.deb where xyz is the current webmin version.
This will look for required dependencies and will let you know if something is missing. In case anything is missing you can just install it using apt-get install command simiar to how you installed squid.

Once webmin is installed you can access it over web from your browser like https://yourdomain.com:10000

Webmin configuration

If wedmin and squid were both installed from the standard debian package then webmin should already know where squid configuration files are and be able to modify it and stop/start squid. If this is not the case then you can set the paths in the module's configuration section.

Squid Anonymous configuration

Set http_port to specify the port and ips where squid will listen for incoming connections. If you want squid to listen on any of the available ips just set it like this: http_port 3128

Make squid anonymous by specifying which headers it should allow/deny. For highly anonymous proxies here is the suggested configuration:
header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Proxy-Authorization allow all
header_access Proxy-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access Cookie allow all
header_access Set-Cookie allow all
header_access All deny all

Some may want to remove the lines that contain Cookie and Set-Cookie headers but if you do that most sites will not work anymore cause most require cookie / session support.

Squid multiple ip configuration

We want connections that come from one ip to go out on the same ip. First set acls to identify the ips where squid listens for incoming connections. Let's say we have 3 ips : 10.0.0.1 , 10.0.1.1 and 10.0.2.1 . The acls would look like this:
acl in_10_0_0_1 myip 10.0.0.1/32
acl in_10_0_1_1 myip 10.0.1.1/32
acl in_10_0_2_1 myip 10.0.2.1/32

Now you can set up tcp_outgoing address using the above acls:

tcp_outgoing_address 10.0.0.1 in_10_0_0_1
tcp_outgoing_address 10.0.1.1 in_10_0_1_1
tcp_outgoing_address 10.0.2.1 in_10_0_2_1

Set up access rules based on client ip

You will have to set up acls similar to the above but they identify the client's ip ( not proxy server's ip). The the acls will be used in the http_access directive. This can be done directly from the configuration file.

Here is a sample that shows how to allow access for a client with the ip 10.0.0.10 :
acl cli_10_0_0_10 src 10.0.0.0.10
http_access allow cli_10_0_0_10
Just put those two lines in squid.conf before the “http_access deny All” line.

You can also add an ACL from webmin -> Servers -> Squid Proxy Server -> Access Control ->> Edit Acl . The acl type has to be “Client address” . You just have to set a name and a “From address” ( the address you want to allow access to squid ) for it and then save it. After you set the ACL you have to go to "Add proxy restriction" , set the Action on “Allow” , select your acl from the "Match ACLs" box and click save. After the save you should be redirected on the main acls page where you should see your acl in the “Proxy restrictions” list, right at the bottom.
You will have to make sure your acl goes before the “Deny all” entry or else it will have no effect. You can put it one row up by clicking the “Up” arrow.

Now you can Start/Restart squid from command line /etc/init.d/squid start/restart or from webmin -> squid proxy server
You can test your squid configuration by setting any of the available ips as a HTTP proxy in your browser ( port 3128 ) and then go to http://spotip.com . That site should show you the exact ip you have set up as proxy in your browser.