Fequently Asked
Questions:
Q:
I am getting a 'License file not valid'
error when logging into fBuilder. Why?
A:
This can be caused by ^M characters being
appended to the license file. This can happen
when the file is received on many web based
mail readers or if the machine you received
the license on was a Windows based machine.
You can remove these ^M characters by typing
the following on your Linux box:
perl -pi.bak -e 's/\cM//g' fbuilder.lic
Q:
When I log into fBuilder, it forces me
to log in over and over. Why?
A:
When you install fBuilder you are asked
for the name of the machine. You MUST
use a qualified name (such as yourmachine.yourdomain.com)
and NOT the IP address of the machine.
This information will be saved to the
.hosts file. When you browse to fBuilder,
you will use the same name as is referred
to in this file. If you attempt to browse
to the IP address of the machine, the
session cookie will not work correctly.
Q:
I've downloaded a file "fbuilder_plus-2.4.7.tar.tar"
and failed to extract using tar program
in the linux shell. This is the command
i've typed: tar xf fbuilder_plus-2.4.7.tar.tar
The system returned: "THIS DOES NOT
LOOK LIKE A TAR ARCHIVE SKIPPING TO NEXT
HEADER ARCHIVE CONTAINS OBSOLESCENT BASE-64
HEADER ERROR EXIT DELAYED FROM PREVIOUS
ERRORS". Could you tell me what wrong
going with this?
A:
For some reason Windows machines are changing
the name of the file when it is downloaded.
The file SHOULD be a tar.gz file and should
untar clean with a tar -xzvf.
Q:
I am getting 'Couldn't open .interfaces:
Permission denied at PERL2EXE_STORAGE/fbuilderLib.pm
line 418' when I try setting the interfaces
on the wizard. Why?
A: This
can happen if the /usr/local/fbuilder
directory is not owned by the fbuilder:fbuilder
user:group. To remedy this, type:
chown fbuilder:fbuilder /usr/local/fbuilder
You may also have to rm /usr/local/fbuilder/.interfaces
if the file exists, kill the boa process,
and restart boa before trying again.
Q:
When attempting to start Boa, I get a
'could not open mime.types file' error.
Why?
A:
You will need to look in your boa.conf
file and look for a variable called 'MimeTypes'.
By default, this is set to "etc/mime.types".
If your mime.types file does not reside
in this location, you will need to point
the variable to the location of your mime.types
file.
Q:
How do I uninstall fBuilder?
A: You
can just delete the /usr/local/fbuilder
directory for the Lite or 2.2.6 versions.
If you are running 2.4.x, you should also
check for a file called loadmods.pl that
should be located in the /root directory.
Q:
When attempting to access fBuilder, I
receive a 'License not found' error
A:
This can happen for a couple of reasons.
A file called fbuilder.lic is emailed
to the address that was provided when
you downloaded the product. If you do
not receive this license (but provided
a valid email address when downloading)
please contact support. Once you receive
the license, you must copy it to /usr/local/fbuilder
for the product to work. If you continue
to get the error after copying the file,
try to kill the boa process by typing
'ps -awux | grep boa' to get the process
id and then type 'kill '. Once boa has
been stopped, you can start it again by
typing '/usr/local/fbuilder/boa'.
Q:
Does fBuilder work with apache?
A: In
order to get fBuilder running with Apache,
you'll need to set up Apache to allow
execution of cgi scripts in what ever
directory you put fBuilder in... Depending
on your version of Apache, there may be
a number of files to edit. In the latest
stable version of Apache (1.3.12 as of
this writing) the default file for everything
you'll need to do is httpd.conf. Basically
you are looking for the following lines:
AddHandler .cgi
If it's commented out with a pound (#)
sign before it, uncomment it by removing
the pound (#) sign.
There will also be access permissions
to set up so that Apache will allow execution
of cgi scripts in a non cgi-bin directory.
Set up the following directive somewhere
in the httpd.conf file:
<Directory /path/to/fbuilder/>
AllowOverride All
Options ExecCGI
</Directory>
If your web server is running as 'nobody',
you will need to change the permissions
on the fbuilder directory so that it's
owned by nobody and you will also need
to change the ownership of the fw-init
file.
chown nobody.nobody /path/to/fbuilder
chown nobody.nobody /path/to/fbuilder/fw-init
If you get any "permission denied"
errors while using fBuilder in this configuration,
find out what was trying to be accessed
by viewing your apache error log, then
change the owner of that file to nobody...
There are a couple fo files which you
should NOT change the permissions or ownership
of, most notable is fBuilder_chains, execute_script.pl
and fParse.cgi. These files need to be
owned by root with permissions set to
04755 (-rwsr-xr-x).
That should be all there is to setting
up fBuilder with Apache...
Q:
How do I maintain a firewall script, once
generated.
A:
If you want to insert/edit/delete/move
any of the rules in your live firewall,
you can do it through the "View Options',
'View Firewall' area. Clicking the arrows
will move the rule. Click insert to insert
a rule. Click Edit to edit or delete a
rule.
If you want to add a rule to an empty
chain or want to append a rule to the
bottom of a chain, you can click 'New
Rule' from the 'Edit firewall' menu and
create your new rule.
Once all of your changes have been made,
go back to the 'View Firewall' screen
and click 'Save Firewall' to save it and
'Export to rc.firewall' to create a rc.firewall
script that can be run at boot time.
Q:
I am finding the creation of new rules
very difficult because I am just not that
familiar with the ipchains and iptables
lingo and low level functionality. You
product seems to work fine after going
through the firewall wizard, but I cant
open other ports and don't really know
how.
A: To create a
rule, you have three options:
1 - You can always use the Wizard again
to add items to your list of incoming
and outgoing rules. The Wizard will remember
what you did the first time so that you
don't need to do everything again, only
add the new services.
2 - You can use the Insert Rule from the
'view firewall' screen
3 - You can use 'New rule'
Basically the New Rule and Insert rule
work the same except the New Rule allows
you to pick the chain and the rule gets
appended to the end of the chain. The
Insert Rule will insert the rule to the
location where you clicked 'insert' and,
of course, will be in that chain.
As for what goes where:
If you want services from the internet
to come into that box (i.e - if you want
to run a web server on there) you would
want to add an Input rule. If you want
to get from that box out (if you want
view web pages on the internet) you would
want an output rule. If you want people
to pass through that box (acting as a
router) you will create Forward rule.
The nitty gritty:
If you want to just add access to the
outside world on port 1234 for everyone
on your network, you can hit the insert
button in the Forward chain, put 1024:65535
in your source ports, 1234 in Destination
Ports, the target is ACCEPT, protocol
is TCP, in fBuilder 2.2.x you will want
to check 'Create back traffic rule', and
finish by clicking 'add new rule'. With
2.4.x you will not need back traffice
rules as this is handled by state checking.
Obviously, I picked a very simple example
to show you that it does almost everything
for you. If you only want to allow 1234
to a machine on the internet that has
an address of 123.123.123.123, you can
just add that ip to the destination address.
etc, etc.
Q:
I'm try to create multiple fixed NAT mappings
between a fixed public address and a fixed
internal (private) address. How might
I acheive this with fbuilder plus 2.4?
(ie: 123.123.1.100 >> 192.168.1.100)
A:
This would be done through 'Edit Firewall'
>> 'New Rule'. Once in this screen,
Add the following items:
1 - Inbound interface: Set to the NIC
that faces the internet (i.e - eth0)
2 - Destination IP Address: Set to the
address that people on the outside will
use (i.e - 123.123.1.100)
3 - Nat to IP address: Set to the address
the packet is destined for (i.e. - 192.168.1.100)
4 - Rule Type = Prerouting
5 - Target = DNAT
6 - Protocol = ALL (you can make this
TCP or UDP only if you don't want to redirect
all packets)
7 - Click 'Add New Rule'
Once your edits are in place, click 'Save
firewall' from the 'View Options' >>
'View Firewall' screen to save your script.
You can also export your firewall to a
rc.firewall script so you can launch it
at boot time from the 'View Firewall'
screen.
Q:
After I run the Wizard, the firewall rules
come up empty?
A: fBuilder
expects to see your iptables command in
the /sbin directory. If it is located
elsewhere (i.e. /usr/local/sbin) you will
want to create a link in your /sbin directory
to point to your iptables command.
