Virtual Serving Setup
*********************

This setup only considers partial virtual serving of mail serving, ftp, and 
http, to give the illusion that each domain is served off its own box.  This
does not address the subject of virtual serving of users on hosts etc.

In the configuration provided below, we could have gotten away with one IP 
address for mail and http, but not for ftp.  This configuration also deals 
with port forwarding through a masqerading firewall.

This setup requires Linux 2.2.x or greater kernels compiled with ip-aliasing.
Look at "http://jon.novatek.co.nz/config/gateway" for a guide on on how to 
compile  a  kernel  for  a  masquerading  firewall  and how to set it up.  Other
sources are also available: 	 
"http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri" and
"http://dcfonline.sfu.ca/ying/linux/index.html"

Another requirement is a Redhat distribution > 6.0.  This makes extensive use of
Redhat's /etc/sysconfig structure for installing.  Not to say that this can be
translated to other distributions.  I am only familiar with Redhat distro's.

To obtain some further background on how henry is configured, look at
"http://jon.novatek.co.nz/config/henry".  This document prevails with all
inconsistencies between the two documents.

Topology
++++++++

After  a  number  of  false starts in achieving this configuration, I discovered
that it is a good idea to plan things out before embarking.

Internet Side:
--------------       192.168.0.0                      Virtual Host 1.            
		     (local-net)                      Name:    www.novatek.co.nz 
First IP Address.         |                           IP:      192.168.0.200     
Names:   ns1, mail,       |      +-----------+        Ethernet eth0:0            
	 ftp, www         | eth0 |           |                                   
Domain:  novatek.co.nz    |------+   Henry   |        Virtual Host 2.                       
IP 1:    24.113.94.87     |      |           |        Name:    ftp.novatek.co.nz 
Mask:    255.255.254.0    |      +-----------+        IP:      192.168.0.201     
Ethernet eth0             | Name:    henry            Ethernet eth0:1            
NS1:     24.2.10.33       | Domain:  novatek.co.nz                               
NS2:     24.2.10.34       | IP:      192.168.0.3      Virtual Host 3.            
			  | Mask:    255.255.255.0    Name:    www.cmex.org                           
Second IP Address         | Ethernet eth0             IP:      192.168.0.202
Names:   mail, ftp, www   | Gateway: 192.168.0.254    Ethernet eth0:2
Domain:  cmex.org         |
IP 2:    24.113.98.164    |                           Virtual Host 4.
Mask:    255.255.254.0    |                           Name:    ftp.cmex.org
Etehrnet eth0:0 (alias)   |                           IP:      192.168.0.203
NS1:     24.2.10.33       |                           Ethernet eth0:3
NS2:     24.2.10.34       |      +-----------+                    
			  |      |           |   
      +-----------+       |------+   aaaaa   |   
 eth0 |           | eth1  |      |           |   
------+  Gateway  +-------+      +-----------+   
      |           |       |      . . . . . . . .
      +-----------+       |
Local Side:               |      +-----------+   
-----------               |      |           |   
Name:    gateway          |------+   zzzzz   |   
Domain:  novatek.co.nz    |      |           |   
IP:      192.168.0.254    |      +-----------+   
Mask:    255.255.255.0    |
Ethernet eth1             |
Gateway: 24.113.94.1      |

The IP addresses and names are specific to my network, you will need to use the
numbers and names specific to your network.  Static IP addresses you get from
your upstream ISP.   Domain names are reserved.  Have a look at:
http://www.uninett.no/navn/domreg.html or http://www.internic.net/alpha.html
as a starting point before deciding where to get your domain names.

Step 1:  Ensure the kernels are built correctly.
************************************************

Ensure the following options are set in Henry.  This is a 2.2.14 kernel.  If
you are going to rebuild the kernel, there is no harm in getting the most recent
kernel source and header rpms from
ftp://rawhide.redhat.com/pub/rawhide/i386/RedHat/RPMS/
and building from scratch.

First the Gateway box.
After configuring for the build (I use make menuconfig), scan the
/usr/src/linux/.config file and ensure the following: (this is an incomplete
list.

CONFIG_EXPERIMENTAL=y

CONFIG_MODULES=y
# CONFIG_MODVERSIONS is not set
CONFIG_KMOD=y

CONFIG_NET=y

CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
# CONFIG_FILTER is not set     #optional
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y    # to get CONFIG_IP_ROUTE_VERBOSE below
CONFIG_RTNETLINK=y
CONFIG_NETLINK=y
# CONFIG_IP_MULTIPLE_TABLES is not set   #optional
# CONFIG_IP_ROUTE_MULTIPATH is not set   #optional
# CONFIG_IP_ROUTE_TOS is not set         #optional
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set #optional
# CONFIG_IP_PNP is not set                #optional
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
# CONFIG_IP_MASQUERADE_VS is not set    # this is load balancing
CONFIG_IP_ROUTER=y
# CONFIG_NET_IPIP is not set           #optional
# CONFIG_NET_IPGRE is not set          #optional
# CONFIG_IP_MROUTE is not set          /#optional
CONFIG_IP_ALIAS=y
# CONFIG_ARPD is not set              #optional
CONFIG_SYN_COOKIES=y
# CONFIG_INET_RARP is not set         #optional
CONFIG_SKB_LARGE=y
# CONFIG_IPV6 is not set               #the rest optional
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_BRIDGE is not set
# CONFIG_LLC is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
# CONFIG_CPU_IS_SLOW is not set

# CONFIG_MAGIC_SYSRQ is not set

Note, I prefer to compile in the drivers for the hardware of the system rather
than modules.  This is what I have done for the ethernet cards.

Build the kernel. "make dep clean bzImage modules modules_install"

Second, the Kernel for the local server box.

CONFIG_EXPERIMENTAL=y

CONFIG_MODULES=y
# CONFIG_MODVERSIONS is not set
CONFIG_KMOD=y

CONFIG_NET=y

CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
# CONFIG_FIREWALL is not set
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_IP_ROUTER is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
CONFIG_IP_ALIAS=y             # a must.
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
CONFIG_INET_RARP=y
CONFIG_SKB_LARGE=y
# CONFIG_IPV6 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_BRIDGE is not set
# CONFIG_LLC is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
# CONFIG_CPU_IS_SLOW is not set

And build this kernel too.

Step 2:  Configuring LILO.

First for gateway:  Include the following stanza in /etc/lilo.conf:

>>>>>>>>>>>>>>>>>>>>>part of gateway:/etc/lilo.conf
image=/boot/bzImage
	append="ether=12,0x240,eth0 ether=11,0x300,eth1"
	label=l
	root=/dev/hda3
	read-only
<<<<<<<<<<<<<<<<<<<<<end part of gateway:/etc/lilo.conf

Enter your ethernet card parameters in an append stmt.  I have old ISA cards. 
To set the parameters I boot with a DOS6.2 floppy and run the diag code off the 
floppy that came with the ethernet cards.  Look at the Ethernet HOWTO at
linuxdoc.org, and  ftp://cesdis.gsfc.nasa.gov/pub/linux/diag/index.html.

Boot away.

Secondly for the local box (henry) nothing special is required in lilo.

Step 3:  Networks and IP Aliasing
*********************************

These steps are very RedHat 6.x dependant.

Firstly gateway.  Create the following files:  Note, that using names instead of
IP addresses will stop working until we have DNS set up a bit later.  If you
want more insight go look at the networking HOWTO  at linuxdoc.org and
http://www.redhat.com/support/manuals/RHL-6.1-Manual/ref-guide/s1-sysadmin-boot.html

At the time I wrote this, "control-panel" did not support setting up the system
in this manner.  You have been warned.  Using "control-panel" or "linuxconf" to do
this, will break, not make your configuration.

>>>>>>>>>>>>>>>>>>>>/etc/HOSTNAME
gateway.novatek.co.nz
<<<<<<<<<<<<<<<<<<<</etc/HOSTNAME

>>>>>>>>>>>>>>>>>>>/etc/hosts
127.0.0.1               localhost.localdomain localhost
<<<<<<<<<<<<<<<<<<</etc/hosts

>>>>>>>>>>>>>>>>>>>/etc/networks
loopback        127.0.0.0
local-net       192.168.0.0
extern-net      24.113.94.0
<<<<<<<<<<<<<<<<<<</etc/networks

>>>>>>>>>>>>>>>>>>>/etc/host.conf  # I'm not sure if this is still required!!
order hosts,bind
multi on
<<<<<<<<<<<<<<<<<</etc/host.conf

>>>>>>>>>>>>>>>>>>/etc/resolv.conf
domain novatek.co.nz
nameserver 192.168.0.3
<<<<<<<<<<<<<<<<<</etc/resolve.conf
we use henry for internal name serving and gateway for external name serving,
more about this later.

Ensure that the following line exists in /etc/nsswitch.conf
>>>>>>>>>>>>>>>>>>>>/etc/nsswitch.conf
.........................
hosts:      files nisplus nis dns
........................
<<<<<<<<<<<<<<<<<<<</etc/nsswitch.conf

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=true
HOSTNAME=`cat /etc/HOSTNAME`
GATEWAY=24.113.94.1
GATEWAYDEV=eth0
#NISDOMAIN=
<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network/scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=24.113.94.87
NETMASK=255.255.254.0
ONBOOT=yes
NETWORK=24.113.94.0
BROADCAST=24.113.95.255
USERCTL=no
<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network/scripts/ifcfg-eth0

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network/scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.0.254
NETMASK=255.255.255.0
ONBOOT=yes
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
USERCTL=no
<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network/scripts/ifcfg-eth1

>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network-scripts/ipcfg-eth0-range0
IPADDR_START=24.113.98.164
IPADDR_END=24.113.98.164
CLONENUM_START=0
<<<<<<<<<<<<<<<<<<</etc/sysconfig/network-scripts/ipcfg-eth0-range0
Read the header of /etc/sysconfig/network-scripts/ifup-aliases for an
explaination.

Now do a /etc/rc.d/init.d/network restart
Note:  If /etc/HOSTNAME was changed, it is necessary to reboot, rather than
restart.

To check the health of the configuration:

running ifconfig should give:    
------------------------------------------
eth0      Link encap:Ethernet  HWaddr 00:00:E8:D3:D7:65  
	  inet addr:24.113.94.87  Bcast:24.113.95.255  Mask:255.255.254.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  RX packets:7246090 errors:0 dropped:0 overruns:0 frame:5
	  TX packets:93356 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:1080 txqueuelen:100 
	  Interrupt:12 Base address:0x240 

eth0:0    Link encap:Ethernet  HWaddr 00:00:E8:D3:D7:65  
	  inet addr:24.113.98.164  Bcast:24.113.95.255  Mask:255.255.254.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  Interrupt:12 Base address:0x240 

eth1      Link encap:Ethernet  HWaddr 00:00:E8:D3:D9:C0  
	  inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  RX packets:174241 errors:1 dropped:28 overruns:0 frame:7
	  TX packets:184165 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:178 txqueuelen:100 
	  Interrupt:11 Base address:0x300 

lo        Link encap:Local Loopback  
	  inet addr:127.0.0.1  Mask:255.0.0.0
	  UP LOOPBACK RUNNING  MTU:3924  Metric:1
	  RX packets:2565 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:2565 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:0 
------------------------------------------

route -n should give:
------------------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
24.113.98.164   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.254   0.0.0.0         255.255.255.255 UH    0      0        0 eth1
24.113.94.87    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
24.113.98.0     0.0.0.0         255.255.254.0   U     0      0        0 eth0
24.113.94.0     0.0.0.0         255.255.254.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         24.113.94.1     0.0.0.0         UG    0      0        0 eth0
------------------------------------------

Pinging an IP address (not names, they are broken until we fix DNS) on the
internet and the local network should give results.

With gateway, under our belt, lets get henry sorted out.

>>>>>>>>>>>>>>>>>>>>/etc/HOSTNAME
henry.novatek.co.nz
<<<<<<<<<<<<<<<<<<<</etc/HOSTNAME

>>>>>>>>>>>>>>>>>>>/etc/hosts
127.0.0.1               localhost.localdomain localhost
<<<<<<<<<<<<<<<<<<</etc/hosts

>>>>>>>>>>>>>>>>>>>/etc/networks
loopback        127.0.0.0
local-net       192.168.0.0
<<<<<<<<<<<<<<<<<<</etc/networks

>>>>>>>>>>>>>>>>>>>/etc/host.conf  # I'm not sure if this is still required!!
order hosts,bind
multi on
<<<<<<<<<<<<<<<<<</etc/host.conf

>>>>>>>>>>>>>>>>>>/etc/resolv.conf
domain novatek.co.nz
search gateway.novatek.co.nz novatek.co.nz com
nameserver 1270.0.1
<<<<<<<<<<<<<<<<<</etc/resolve.conf
Note:  Uses its own name resolver.  

Ensure that the following line exists in /etc/nsswitch.conf
>>>>>>>>>>>>>>>>>>>>/etc/nsswitch.conf
.........................
hosts:      files nisplus nis dns
........................
<<<<<<<<<<<<<<<<<<<</etc/nsswitch.conf

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=`cat /etc/HOSTNAME`
GATEWAY=192.168.0.254
GATEWAYDEV=eth0
#NISDOMAIN=
<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network

>>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network/scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.3
NETMASK=255.255.255.0
NEWORK=192.168.0.0
BROADCAST=192.168.0.255
ONBOOT=yes
USRCTL=no
<<<<<<<<<<<<<<<<<<<</etc/sysconfig/network/scripts/ifcfg-eth0

>>>>>>>>>>>>>>>>>>>/etc/sysconfig/network-scripts/ipcfg-eth0-range0
IPADDR_START=192.168.0.200
IPADDR_END=192.168.0.203
CLONENUM_START=0
<<<<<<<<<<<<<<<<<<</etc/sysconfig/network-scripts/ipcfg-eth0-range9

Restart the network on henry (or reboot if /etc/HOSTNAME changed.

check ifconfig
-------------------------------
eth0      Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
	  inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  RX packets:167080 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:167307 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:99 txqueuelen:100 
	  Interrupt:12 Base address:0xe400 

eth0:0    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
	  inet addr:192.168.0.200  Bcast:192.168.0.255  Mask:255.255.255.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  Interrupt:12 Base address:0xe400 

eth0:1    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
	  inet addr:192.168.0.201  Bcast:192.168.0.255  Mask:255.255.255.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  Interrupt:12 Base address:0xe400 

eth0:2    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
	  inet addr:192.168.0.202  Bcast:192.168.0.255  Mask:255.255.255.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  Interrupt:12 Base address:0xe400 

eth0:3    Link encap:Ethernet  HWaddr 00:C0:DF:A8:25:A7  
	  inet addr:192.168.0.203  Bcast:192.168.0.255  Mask:255.255.255.0
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  Interrupt:12 Base address:0xe400 

lo        Link encap:Local Loopback  
	  inet addr:127.0.0.1  Mask:255.0.0.0
	  UP LOOPBACK RUNNING  MTU:3924  Metric:1
	  RX packets:2628 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:2628 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:0 
---------------------------------

and route -n
--------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.205   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.204   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.203   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.202   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.201   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.3     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0
-----------------------------------
I wonder why so many gateway entries, anyway it works.  I guess they get
introduced with the inclusion of each aliased ip.

Step 4.  Port Forwarding
************************

We have an internal network and the internet as an external network.  All web
and ftp serving requests are port forwarded by the firewall to the appropriate
host(s) in the internal network.  The firewall box (bastion host), is our name
server to the external world.  That is any external host request ftp or web
service will be given the appropriate external IP address of gateway.  

There is
a wrinkle in port forwarding in the ip-masqerading firewall in that if an
internal host looks up the address of say www.cmex.org, it will get the external
IP address of the firewall 24.113.98.164.  The internal host will send the
server request to to 24.113.98.164, via the internal gateway 192.168.0.254. 
The firewall (gateway) uses its routing table to decide where to send packets. 
Seeing 24.113.98.164 as its own external interface and keeps the packet in the
system before it has a chance to get to the port forwarding function.  If it is
a ftp request, the firewall's ftp server is reached, and if it is a www request,
it is lost as there is no ftp server on the gateway.

This, in a way, is also a disguised blessing, as what ever solution is chosen,
reduces the internal traffic and workload through the firewall.  The two options
I've thought up both involve internally pointing the URL names directly to the
aliased ports on henry, rather than relying on the firewall - which cannot do it
anyway.  The options are to do this through entries in the hosts table, or use
DNS.  I've opted for DNS to avoid the heartache of maintaining hosts tables
across the internal network.  The disadvantage of DNS is complexity, and the
desirablity of secondary name server for reliability.  We live on the edge, no
secondary internal DNS here yet.

Look at http://jon.novatek.co.nz/config/gateway, on the creation of a
rc.firewall file and it's getting called on startup.

Add the following port forwarding entries to cater for all internal requests:

>>>>>>>>>>>>>>>>>>>>>>>/etc/rc.d/rc.firewall
........................
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.113.94.87 80 -R 192.168.0.200 80
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.113.98.164 80 -R 192.168.0.202 80
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.113.94.87 21 -R 192.168.0.201 21
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.113.98.164 21 -R 192.168.0.203 21
........................
<<<<<<<<<<<<<<<<<<<<<<</etc/rc.d/rc.firewall

re-run the rc.firewall script, and then do a "ipmasqadm portfw -ln" and somewhere
in the listing you should see:
--------------------------------------
..............................
TCP  24.113.98.164        192.168.0.203              21       21     5    10
TCP  24.113.94.87         192.168.0.201              21       21     8    10
TCP  24.113.98.164        192.168.0.202              80       80     8    10
TCP  24.113.94.87         192.168.0.200              80       80     1    10
................................
--------------------------------------

Step 5.  Name Serving
*********************

For a tutorial and further references on Name Serving see
http://jon.novatek.co.nz/config/gateway.  This section basically presents the
config and master files. first for gateway (external serving DNS) and secondly
for henry (internal serving DNS).  All internal hosts must be set up to point to
the internal DNS.  The internal DNS (henry) in turn "forwards first" to the
external DNS gateway for URL's that it is not master or has cached, before doing
a lookup (if necessary).  Not above that /etc/resolv.conf files for both henry
and gateway, point to the internal name server on henry (192.168.0.3). ( We
should have a secondary ns - this will happen in time).  

First the files on gateway.

>>>>>>>>>>>>>>>>>/etc/named.conf
# /etc/named.conf

options {
	// Root directory for master (db) files.
	directory "/var/named";

	// If a lookup is not in our cache, query these nameservers
	// (usually our ISP's) our ISP's nameservers before attempting
	// to resolve.
	forward first;
	forwarders {
		24.2.10.33;
		24.2.10.34;
	};

	// only accept DNS requests on port 53 and valid IP addresses
	listen-on port 53 {
		127.0.0.1;      // localhost
		192.168.0.254;  // internal network interface
		24.113.94.87;   // external network interface
		24.113.98.164;  // aliased external netowrk
	};

	// may be required if this name server is behind a firewall
	// query-source address * port 53;
};

// The next two zones are the minimum required for a caching nameserver.

zone "." {
	type hint;
	file "db.root";
};

zone "0.0.127.in-addr.arpa" {
	type master;
	notify no;
	file "db.127.0.0";
};

// Master (primary) serving zones

zone "novatek.co.nz" {
	type master;
	notify yes;
	allow-transfer {
		205.166.226.38;         // ns1.granitecanyon.com
		140.200.128.13;         // ns1.waikato.ac.nz
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.novatek.co.nz";
};

zone "cmex.org" {
	type master;
	notify yes;
	allow-transfer {
		205.166.226.38;         // ns1.granitecanyon.com
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.cmex.org";
};

zone "87.94.113.24.in-addr.arpa" {
	type master;
	notify yes;
	allow-transfer {
		205.166.226.38;         // ns1.granitecanyon.com
		140.200.128.13;         // ns1.waikato.ac.nz
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.24.113.94.87";
};

zone "164.98.113.24.in-addr.arpa" {
	type master;
	notify yes;
	allow-transfer {
		205.166.226.38;         // ns1.granitecanyon.com
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.24.113.98.164";
};
<<<<<<<<<<<<<<<<<<<<<<<</etc/named.conf

The db.root and db.127.0.0 are in http://jon.novatek.co.nz/config/gateway. 
Look there for their listing.

>>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.novatek.co.nz
$TTL    1D
@               IN SOA  gateway.novatek.co.nz. hostmaster.novatek.co.nz. (
			2000022601      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   ns1
		IN NS   ns1.granitecanyon.com.
		IN NS   ns1.waikato.ac.nz.

		IN RP   jon.novatek.co.nz.      hostmaster.novatek.co.nz.
		IN TXT  "Jonathan Marks - Fax (707) 221-3689"

		IN MX   10 mail

gateway         IN A    24.113.94.87
		IN MX   10 mail

; specific mutlihomed i/f's
mail            IN A    24.113.94.87
ns1             IN A    24.113.94.87
ftp             IN A    24.113.94.87
www             IN A    24.113.94.87
novatek.co.nz.  IN A    24.113.94.87


; Aliases
jon             IN CNAME www
vanessa         IN CNAME www
steven          IN CNAME www
cara            IN CNAME www
<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.novatkek.co.nz

>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.cmex.org
$TTL    1D
@               IN SOA  gateway.novatek.co.nz. hostmaster.novatek.co.nz. (
			2000022701      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   ns1.novatek.co.nz.
		IN NS   ns1.granitecanyon.com.

		IN RP   jon.novatek.co.nz.      hostmaster.novatek.co.nz.
		IN TXT  "Jonathan Marks - Fax (707) 221-3689"

		IN MX   10 mail.novatek.co.nz

mail            IN A    24.113.94.87
ftp             IN A    24.113.98.164
www             IN A    24.113.98.164
cmex.org.       IN A    24.113.98.164
<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.cmex.org

>>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.24.113.94.87
$TTL    1D
@               IN SOA  gateway.novatek.co.nz. hostmaster.novatek.co.nz. (
			1999072302      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   ns1.novatek.co.nz.
		IN NS   ns1.granitecanyon.com.
		IN NS   ns1.waikato.ac.nz.

		IN RP   jon.novatek.co.nz       hostmaster.novatek.co.nz
		IN TXT  "Jonathan Marks - Fax (707) 221-3689"

87.94.113.24.in-addr.arpa.      IN PTR  gateway.novatek.co.nz.
<<<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.24.113.94.87

>>>>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.24.113.98.164
$TTL    1D
@               IN SOA  gateway.novatek.co.nz. hostmaster.novatek.co.nz. (
			1999072302      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   ns1.novatek.co.nz.
		IN NS   ns1.granitecanyon.com.

		IN RP   jon.novatek.co.nz       hostmaster.novatek.co.nz
		IN TXT  "Jonathan Marks - Fax (707) 221-3689"

164.98.113.24.in-addr.arpa.      IN PTR  cmex.com.
<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.24.113.98.164

Thats all the files set up for gateway.  Give a /etc/rc.d/init.d/named restart
and watch /var/log/messages for:
------------------------------------------
Feb 27 23:19:11 gateway named: named shutdown succeeded
Feb 27 23:19:13 gateway named[22367]: starting.  named 8.2.2-P5 Fri Feb  4 15:25:10 EST 2000 ^Iroot@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named
Feb 27 23:19:13 gateway named[22367]: hint zone "" (IN) loaded (serial 0)
Feb 27 23:19:14 gateway named[22367]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1999070314)
Feb 27 23:19:14 gateway named[22367]: master zone "novatek.co.nz" (IN) loaded (serial 2000022601)
Feb 27 23:19:14 gateway named[22367]: master zone "cmex.org" (IN) loaded (serial 2000022701)
Feb 27 23:19:14 gateway named[22367]: master zone "87.94.113.24.in-addr.arpa" (IN) loaded (serial 1999072302)
Feb 27 23:19:14 gateway named[22367]: master zone "164.98.113.24.in-addr.arpa" (IN) loaded (serial 1999072302)
Feb 27 23:19:14 gateway named[22367]: listening on [127.0.0.1].53 (lo)
Feb 27 23:19:14 gateway named[22367]: listening on [24.113.94.87].53 (eth0)
Feb 27 23:19:14 gateway named[22367]: listening on [24.113.98.164].53 (eth0:0)
Feb 27 23:19:14 gateway named[22367]: listening on [192.168.0.254].53 (eth1)
Feb 27 23:19:14 gateway named[22367]: Forwarding source address is [0.0.0.0].1054
Feb 27 23:19:14 gateway named: named startup succeeded
Feb 27 23:19:14 gateway named[22368]: group = 102
Feb 27 23:19:15 gateway named[22368]: user = named
Feb 27 23:19:15 gateway named[22368]: Ready to answer queries.
Feb 27 23:19:22 gateway named[22368]: suppressing duplicate notify ("87.94.113.24.in-addr.arpa" IN SOA)
Feb 27 23:19:38 gateway named[22368]: Sent NOTIFY for "164.98.113.24.in-addr.arpa IN SOA" (164.98.113.24.in-addr.arpa); 1 NS, 1 A
Feb 27 23:19:42 gateway named[22368]: Sent NOTIFY for "novatek.co.nz IN SOA" (novatek.co.nz); 2 NS, 2 A
Feb 27 23:19:43 gateway named[22368]: Received NOTIFY answer from 140.200.128.13 for "novatek.co.nz IN SOA"
Feb 27 23:19:43 gateway named[22368]: Sent NOTIFY for "cmex.org IN SOA" (cmex.org); 1 NS, 1 A
Feb 27 23:19:43 gateway named[22368]: Sent NOTIFY for "87.94.113.24.in-addr.arpa IN SOA" (87.94.113.24.in-addr.arpa); 2 NS, 2 A
-----------------------------------------------

Now on to henry.  Here's how its DNS is setup.

>>>>>>>>>>>>>>>>>>>>>/etc/named.conf
options {
	// Root directory for master (db) files.
	directory "/var/named";

	// If a lookup is not in our cache, query these nameservers
	// (usually our ISP's) our ISP's nameservers before attempting
	// to resolve.
	forward first;
	forwarders {
		192.168.0.254;
//              24.113.94.87;
	};
	listen-on port 53 {
		127.0.0.1;      // localhost
		192.168.0.3;    // physical ip address
	};

	// may be required if this name server is behind a firewall
//        query-source address * port 53;
};

// The next two zones are the minimum required for a caching nameserver.

zone "." {
	type hint;
	file "db.root";
};

zone "0.0.127.in-addr.arpa" {
	type master;
	notify no;
	file "db.127.0.0";
};

zone "novatek.co.nz" {
	type master;
	notify no;
	allow-transfer {
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.novatek.co.nz";
};

zone "cmex.org" {
	type master;
	notify no;
	allow-transfer {
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.cmex.org";
};

zone "0.168.192.in-addr.arpa" {
	type master;
	notify no;
	allow-transfer {
		24.113.94.87;
		24.113.98.164;
		127.0.0.1;
		192.168.0/24;
	};
	file "primary/db.192.168.0";
};
<<<<<<<<<<<<<<<<<<<<<<<<</etc/named.conf

The db.root and db.127.0.0 are in http://jon.novatek.co.nz/config/gateway. 
Look there for their listing.

>>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.novatek.co.nz
$TTL    1D
@               IN SOA  henry.novatek.co.nz. hostmaster.novatek.co.nz. (
			1999081904      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   henry.novatek.co.nz.

		IN RP   jon.novatek.co.nz.      hostmaster.novatek.co.nz.
		IN TXT  "Jonathan Marks - Fax (707) 221-3689"

		IN MX   10 mail

localhost       IN A    127.0.0.1
		IN MX   10 mail

hercules        IN A    192.168.0.1
		IN MX   10 mail

homer           IN A    192.168.0.2
		IN MX   10 mail

henry           IN A    192.168.0.3
		IN MX   10 mail

hal-9000        IN A    192.168.0.4
		IN MX   10 mail

beatroot        IN A    192.168.0.5
		IN MX   10 mail

hershel         IN A    192.168.0.6
		IN MX   10 mail

gateway         IN A    192.168.0.254
		IN MX   10 mail

mail		IN A	192.168.0.254
ns1		IN A	192.168.0.254
ftp		IN A	192.168.0.201
www		IN A	192.168.0.200
novatek.co.nz.  IN A    192.168.0.200


; Aliases
jon		IN CNAME www
vanessa		IN CNAME www
steven		IN CNAME www
cara		IN CNAME www
<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.novatkek.co.nz

>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.cmex.org
$TTL    1D
@               IN SOA  henry.novatek.co.nz. hostmaster.novatek.co.nz. (
			2000022601      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   henry.novatek.co.nz.

		IN RP   jon.novatek.co.nz.      hostmaster.novatek.co.nz.
		IN TXT  "Jonathan Marks - Fax (707) 221-3689"

		IN MX   10 mail

mail		IN A	192.168.0.254
ftp		IN A	192.168.0.203
www		IN A	192.168.0.202
cmex.org.	IN A    192.168.0.202
<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.cmex.org

>>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.192.168.0
$TTL    1D
@               IN SOA  henry.novatek.co.nz. hostmaster.novatek.co.nz. (
			2000022601      ; serial
				8H      ; refresh
				2H      ; retry
				1W      ; expire
				1D)     ; Min TLL

		IN NS   henry.novatek.co.nz.

1               IN PTR  hercules.novatek.co.nz.
2               IN PTR  homer.novatek.co.nz.
3               IN PTR  henry.novatek.co.nz.
4               IN PTR  hal-9000.novatek.co.nz.
5               IN PTR  beatroot.novatek.co.nz.
6               IN PTR  hershel.novatek.co.nz.

200		IN PTR  www.novatek.co.nz.
201		IN PTR  ftp.novatek.co.nz.
202             IN PTR  www.cmex.org.
203             IN PTR  ftp.cmex.org.
<<<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.192.168.0

Thats all the files set up for henry.  Give a /etc/rc.d/init.d/named restart
and watch /var/log/messages for:
------------------------------------------
Feb 27 23:42:43 henry named: named shutdown succeeded
Feb 27 23:42:44 henry named[4933]: starting.  named 8.2.2-P3 Thu Nov 11 00:04:50 EST 1999 ^Iroot@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P3/src/bin/named
Feb 27 23:42:44 henry named[4933]: hint zone "" (IN) loaded (serial 0)
Feb 27 23:42:44 henry named[4933]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1999022700)
Feb 27 23:42:44 henry named[4933]: master zone "novatek.co.nz" (IN) loaded (serial 1999081904)
Feb 27 23:42:44 henry named[4933]: master zone "cmex.org" (IN) loaded (serial 2000022601)
Feb 27 23:42:44 henry named[4933]: master zone "0.168.192.in-addr.arpa" (IN) loaded (serial 2000022601)
Feb 27 23:42:44 henry named[4933]: listening on [127.0.0.1].53 (lo)
Feb 27 23:42:44 henry named[4933]: listening on [192.168.0.3].53 (eth0)
Feb 27 23:42:44 henry named[4933]: Forwarding source address is [0.0.0.0].1038
Feb 27 23:42:44 henry named: named startup succeeded
Feb 27 23:42:44 henry named[4934]: Ready to answer queries.
-------------------------------------------
Note there is no forwarding to secondary servers here. Risky!

Now point all clients to the local name server on henry - 192.168.0.3.
In /etc/resolv.conf in unix, and "control panel", network, dns in Windows.

ping around the internal network and external network to confirm operation. 
Also run up nslookup, and do some internal host and external host lookups.

Step 6.  Virtual Web Serving
****************************

I'm using Apache V1.3.11.  (Just upgraded to V1.3.12, still works_)

Read the configuration information at www.apache.org.
It is only necessary to configure apache on henry.
It was not necessary to use different ip addresses, but we do so anyway.  I've
included the relevant parts of the /etc/httpd/conf/httpd.conf.  Note that this
is not a complete file, it just lists relevent lines.   It should not be too
difficult to work out what I have done, by reading the description of the
configuration options at www.apache.org.

I want to virtually serve two web sites www.cmex.org and www.novatek.co.nz, also
off the novatek.co.nz domain, I want to serve websites for select users, ie
jon.novatek.co.nz, vanessa.novatek.co.nz, steven.novatek.co.nz, and
cara.novatek.co.nz.

Create a group "www".  I prefer to edit the /etc/group file and place the entry
with a gid of 60.

In addition to the select users, I've added users novatek and cmex
We have decided the location for all the web pages for all virtual servers will
be rooted off /usr/local/www.  as follows "ls -l /usr/local/www"
---------------------------------------------------
drwxr-xr-x   2 cara     www          4096 Tue Feb 29 21:34:24 2000 cara/
drwxr-xr-x   3 cmex     www          4096 Sat Feb 19 10:56:01 2000 cmex/
drwxr-xr-x  10 jon      www          4096 Thu Feb 17 20:30:04 2000 jon/
drwxr-xr-x   3 novatek  www          4096 Wed Feb 16 22:09:26 2000 novatek/
drwxr-xr-x   2 steven   www          4096 Tue Feb 29 21:34:18 2000 steven/
drwxr-xr-x   2 vanessa  www          4096 Tue Feb 29 21:34:05 2000 vanessa/
----------------------------------------------------

This structure is attractive to me, as logging in as the appropriate user, one
can to the respective web site location to edit or ftp update.  Note also, the
use of the UserDir directive in the /etc/httpd/conf/httpd.conf, so that (for
exaple) the use of www.novatek.co.nz/~jon, and jon.novatek.co.nz both work.

Relavent excerpts of the the apache config file are included below. (BTW, do you
know how Apache Server got its name?  A patchy server ;-?).

>>>>>>>>>>>>>>>>>>>>>/etc/httpd/conf/httpd.conf
### Section 2: 'Main' server configuration
#
Port 80
User nobody
Group nobody
#ServerAdmin webkeeper@novatek.co.nz
#ServerName novatek.co.nz
#DocumentRoot "/usr/local/www/"
#
# permits the use of <domain name>/~<user> where user is a subdir off the
# UserDir value.
UserDir /usr/local/www

<Directory />
    Options FollowSymLinks
    AllowOverride None					   
</Directory>
#
UserDir /usr/local/www

<Directory "/usr/local/www">
    Options MultiViews Includes FollowSymLinks ExecCGI
    AllowOverride All
    <Limit GET POST OPTIONS PROPFIND>
	Order allow,deny
	Allow from all
    </Limit>
    <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
	Order deny,allow
	Deny from all
    </Limit>
</Directory>

# permit http access to the ftp directories.
<Directory "/home/ftp/">
    Options Includes Indexes FollowSymLinks 
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

#
UseCanonicalName On
#
# Disable the Server signature
#
ServerSignature Off

######Note what is done with vcommon for virtual hosting

ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%V %h %l %u %t \"%r\" %>s %b" vcommon
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/httpd/access_log vcommon
#CustomLog /var/log/httpd/referer_log referer
#CustomLog /var/log/httpd/agent_log agent
#CustomLog /var/log/httpd/access_log combined

ServerSignature Off

NameVirtualHost  192.168.0.200:80
NameVirtualHost  192.168.0.201:80
NameVirtualHost  192.168.0.202:80
NameVirtualHost  192.168.0.203:80
NameVirtualHost  192.168.0.204:80
#NameVirtualHost         192.168.0.205:80

<VirtualHost 192.168.0.200:80>
    DocumentRoot  "/usr/local/www/novatek"
    ServerName    www.novatek.co.nz
    ServerAlias   novatek.co.nz
    ServerPath    "/usr/local/www/novatek"
    ServerAdmin   webkeeper@novatek.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/novatek/cgi-bin
</VirtualHost>

#  internal access on .201, externally forwarded on .202
<VirtualHost 192.168.0.201:80 192.168.0.200:80>
    DocumentRoot  "/home/ftp/novatek"
    ServerName    ftp.novatek.co.nz
    ServerPath    "/home/ftp/novatek"
    ServerAdmin   webkeeper@novatek.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/novatek/cgi-bin
</VirtualHost>

<VirtualHost 192.168.0.202:80>
    DocumentRoot  "/usr/local/www/cmex"
    ServerName    www.cmex.org
    ServerAlias   cmex.org
    ServerPath    "/usr/local/www/cmex"
    ServerAdmin   webkeeper@cmex.org
    ScriptAlias   /cgi-bin/  /usr/local/www/cmex/cgi-bin
</VirtualHost>

# internal access on .203, externally forwarded on .202
<VirtualHost 192.168.0.203:80 192.168.0.202:80>
    DocumentRoot  "/home/ftp/cmex"
    ServerName    ftp.cmex.org
    ServerPath    "/home/ftp/cmex"
    ServerAdmin   webkeeper@cmex.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/cmex/cgi-bin
</VirtualHost>

# Virtual servers for users

<VirtualHost 192.168.0.200:80>
    DocumentRoot  "/usr/local/www/jon"
    ServerName    jon.novatek.co.nz
    ServerPath    "/usr/local/www/jon"
    ServerAdmin   jon@novatek.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/jon/cgi-bin
</VirtualHost>

<VirtualHost 192.168.0.200:80>
    DocumentRoot  "/usr/local/www/vanessa"
    ServerName    vanessa.novatek.co.nz
    ServerPath    "/usr/local/www/vanessa"
    ServerAdmin   vanessa@novatek.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/vanessa/cgi-bin
</VirtualHost>

<VirtualHost 192.168.0.200:80>
    DocumentRoot  "/usr/local/www/steven"
    ServerName    steven.novatek.co.nz
    ServerPath    "/usr/local/www/steven"
    ServerAdmin   steven@novatek.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/steven/cgi-bin
</VirtualHost>

<VirtualHost 192.168.0.200:80>
    DocumentRoot  "/usr/local/www/cara"
    ServerName    cara.novatek.co.nz
    ServerPath    "/usr/local/www/cara"
    ServerAdmin   cara@novatek.co.nz
    ScriptAlias   /cgi-bin/  /usr/local/www/cara/cgi-bin
</VirtualHost>

#<VirtualHost _default_:*>
#</VirtualHost>
<<<<<<<<<<<<<<<<<<<<<<<<<</etc/httpd/conf/http.conf

Check it out accessing the server from hosts internal and external to the
network.  Check all the virtual web sites.

Step 7.  Virtual Ftp Serving
****************************

I'm using Redhat's wu-ftpd-2.6.0.  rpm.  Once installed there is a file
/usr/doc/wu-ftpd-2.6.0/HOWTO/VIRTUAL.FTP.SUPPORT.  It is also a good idea to
read /usr/doc/wu=ftpd-2.6.0/README, and follow the web links at the end of the
document.  

Following the advice for the VIRTUAL.FTP.SUPPORT document.  Virtual
ftp requires different ip aliases on the server for each
virtual ftp site.  In this example we are creating virtual servers
ftp.novatek.co.nz, and cmex.org.  

This setup is only carried out on "henry".  The aliasing setup and port forwarding
from "gateway" is covered above.

Using Complete Virtual Server Support, we first create /etc/ftpservers
>>>>>>>>>>>>>>>>>>>>>>>>>>>>/etc/ftpservers
# ftpservers

#ftp.novatek.co.nz
192.168.0.201		/etc/ftp.novatek
#ftp.cmex.org 
192.168.0.203		/etc/ftp.cmex
<<<<<<<<<<<<<<<<<<<<<<<<<<<</etc/ftpservers

we then create the directories /etc/ftp.novatek and /etc/ftp.cmex
We are opting for each ftp site to have its own ftpaccess config file.  Note the
presence of /etc/ftp.novatek/ftpaccess will prevent wu-ftp from looking at
/etc/ftpaccess.

>>>>>>>>>>>>>>>>>>>>>>>/etc/ftp.novatek/ftpacess
# ftp.novatek/ftpaccess

class   all   real,guest,anonymous  *

email ftpkeeper@novatek.co.nz

root 		/usr/local/ftp/novatek
banner 		/etc/ftp.novatek/ftpbanner
logfile		/var/log/ftp.novatek

upload  /usr/local/ftp/novatek	*               no
upload  /usr/local/ftp/novatek	/incoming       yes  ftp  ftp  0666

passwd-check warn

loginfails 5

greeting brief

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

limit   all     20      Any             /etc/msgs/ftptoomany

compress        yes             all
tar             yes             all
chmod		no		guest,anonymous
delete		no		guest,anonymous
overwrite	no		guest,anonymous
rename		no		guest,anonymous

log commands real
log transfers anonymous,real inbound,outbound
<<<<<<<<<<<<<<<<</etc/ftp.novatek/ftpacess

Then we go and create the directories under /etc/local/ftp.
I found I had little joy in being able to list the directories through ftp.  I
found I did get joy when I copied them from /home/ftp.  Heres a copy of 
ls -l /usr/local/ftp/novatek/*
----------------------------------------
d--x--x--x   2 root     root         4096 Sun Dec 12 11:04:47 1999 bin/
d--x--x--x   2 root     root         4096 Sun Dec 12 11:04:47 1999 etc/
drwxr-sr-x   2 root     root         4096 Sat Feb 26 19:09:55 2000 incoming/
drwxr-xr-x   2 root     root         4096 Sun Dec 12 11:04:48 1999 lib/
dr-xr-sr-x   7 root     ftp          4096 Thu Feb 10 22:25:48 2000 pub/
-----------------------------------------
Note the sgid bits set in incoming and pub.

I've customized the banner file as follows:
>>>>>>>>>>>>>>>>>>>>>>>>>/etc/ftp.novatek/ftpbanner

		Welcome to Novatek Electronics' FTP Site

  You are being hosted by %L.

  The local time in Vancouver, Canada is: %T

  There are %N of %M users logged on.

  Log in and have a look around.  Enjoy :-)
			%E

<<<<<<<<<<<<<<<<<<<<<<</etc/ftp.novatek/ftpbanner

Security logging.   Note that we have named the logfile /var/log/ftp.novatek. 
We now need to update the logrotate file (Redhat feature).

>>>>>>>>>>>>>>>>>>>>>>>>>>>>/etc/logrotate.d/ftpd
/var/log/ftp.novatek {
    nocompress
}

/var/log/ftp.cmex {
    nocompress
}
<<<<<<<<<<<<<<<<<<<<<<<<<<</etc/logrotate.d/ftpd

We do the same for cmex.org.

Step 8.  Virtual Mail Serving
*****************************

Mail virtual hosting is not extensive, and is done off gateway.  The
capabilities of this approach is that it receives for multiple domains as set up
in DNS MX records, and listed in /etc/mail/relay-domains.

I did plenty reading of the documentation at www.sendmail.org and some
experimenting till I got this to work.  Basic requirements are to accecpt all
emails to novatek.co.nz and cmex.org, permitting an overlap of user names across
both domain names (I believe the linuxconf solution does true virtual hosting). 
Sending of email requires the mail client to be configured with the correct
client (novatek.co.nz or cmex.org) as these are the only names we are relaying.

The config files are:
>>>>>>>>>>>>>>>>>>>>>>>>>/etc/sendmail.mc
include(`/usr/lib/sendmail-cf/m4/cf.m4')
define(`confDEF_USER_ID',``8:12'')
VERSIONID(`@(#)novatek.m4    8.10 (Novatek) July 25, 99')
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
define(`confAUTO_REBUILD')
define(`confTO_CONNECT', `1m')
define(`confTRY_NULL_MX_LIST',true)
define(`confDONT_PROBE_INTERFACES',true)
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
define(`confSMTP_LOGIN_MSG', `mail.$m spoken here; $b')
define(`confPRIVACY_FLAGS', `goaway')
FEATURE(`smrsh',`/usr/sbin/smrsh')
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
MAILER(procmail)
MAILER(smtp)
FEATURE(rbl)
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
<<<<<<<<<<<<<<<<<<<<</etc/sendmail.mc

Notice we do not do masqerading here.  Instead we require all clients on the
local net to be configured with the appropriate domain.  Do not forget to do:

 m4 /etc/sendmail.mc > /etc/sendmail.cf

>>>>>>>>>>>>>>>>>>/etc/mail/relay-domains
novatek.co.nz
cmex.org
<<<<<<<<<<<<<<<<<</etc/mail/relay-domains

We update the virtual user table.  Excerpts of this table are:

>>>>>>>>>>>>>>>>>>/etc/mail/virtusertable
abc@novatek.co.nz               abc
def@novatek.co.nz               def
#. . . . . . 

@novatek.co.nz                  jon

abc@cmex.org                    abc
# . . . . .
@cmex.org                       jon
<<<<<<<<<<<<<<<<<</etc/mail/virtusertable