UnrealIRCd

UnrealIRCd is the Internet Relay Chat, or IRC, daemon that NeoturbineNET uses exclusively. If you want to potentially become a link on our network you'll need to install UnrealIRCd and BOPM.

This guide details, step-by-step, how to compile and configure UnrealIRCd from source. We provide no guarantees that the steps below will work for your specific situation.

If you have a problem following this guide and need some advice/hand-holding/guidance/help/whatever join #neoturbine on NeoturbineNET IRC.

Installation

Before Unreal can be downloaded, installed, and configured a few things have to be set up. You'll need root access to a server to create a separate account to run UnrealIRCd under.

To create a user account dedicated specifically to running Unreal run the following as root:

useradd ircd --home /home/ircd --create-home --shell /bin/bash

It will prompt you for a password and ask for verification. It may also ask for other optional information. The most important part is to set your shell as bash.

If you don't get prompted for a password, run the following to add a password to the user ircd:

passwd ircd

Now, switch to the UnrealIRCd account you just created:

su ircd

Be sure you're in the ircd user's home directory by running:

cd

Because there are no binary packages for UnrealIRCd, we opt to compile UnrealIRCd from its distributed source code. Don't worry; it's not as hard as it sounds. The first step is obtaining the source in tarball form.

Downloading

The most recent, stable version of Unreal is 3.2.8.1, which was released on April 13th, 2009[1] as a security fix for version 3.2.8.

While logged in to your ircd user account use wget to download the source code from a mirror:

wget http://www.unrealircd.com/downloads/Unreal3.2.8.1.tar.gz

Make sure you verify checksums. UnrealIRCd source has been compromised on mirrors in the past [3].

Verify the MD5 hash:

md5sum Unreal3.2.8.1.tar.gz

It should return:

7b741e94e867c0a7370553fd01506c66  Unreal3.2.8.1.tar.gz

Verify the SHA1 hash:

sha1sum Unreal3.2.8.1.tar.gz

It should return:

363c3c995bb38cf601f409610ce1937a0002c419  Unreal3.2.8.1.tar.gz

Verify the GPG signature. First, download the signature file:

wget http://www.unrealircd.com/pgp/Unreal3.2.8.1.tar.gz.asc

Download the releases@unrealircd.com GPG key:

gpg --keyserver keys.gnupg.net --recv-keys 0x9FF03937

Verify the GPG signature:

gpg --verify Unreal3.2.8.1.tar.gz.asc Unreal3.2.8.1.tar.gz

It should return something similar to this:

gpg: Signature made Sat 12 Jun 2010 01:48:25 PM CDT using DSA key ID 9FF03937
gpg: Good signature from "UnrealIRCd Distribution Verification Key (for verification of software downloads only!) <releases@unrealircd.com>"
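
The three checks above, wrapped so that a mismatch stops the install before the tarball is unpacked. This is an added example, not part of the original guide; the function names are illustrative, and the signing key is pinned by the key ID shown in the gpg output above.

```shell
#!/bin/sh
# Added example: fail-closed verification of the downloaded tarball.
# Function names are illustrative; the expected values come from this guide.

# check_digest TOOL FILE EXPECTED_HEX  (TOOL is md5sum or sha1sum)
# Returns 0 on an exact match, 1 on mismatch, 2 if the file cannot be read.
check_digest() {
    tool=$1 file=$2 expected=$3
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$("$tool" "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "$tool mismatch for $file: got $actual" >&2
        return 1
    fi
}

# check_sig FILE SIGFILE KEYID
# Requires a VALIDSIG status line whose fingerprint ends in KEYID, so a good
# signature made by any other key in the keyring is rejected.
check_sig() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        grep -Eq "^\[GNUPG:\] VALIDSIG [0-9A-F]*$3 "
}

# verify_release TARBALL MD5 SHA1 KEYID: every check must pass.
verify_release() {
    check_digest md5sum  "$1" "$2" &&
    check_digest sha1sum "$1" "$3" &&
    check_sig "$1" "$1.asc" "$4" &&
    echo "verified: $1"
}

# Usage, from the directory holding the tarball and its .asc file:
#   verify_release Unreal3.2.8.1.tar.gz \
#       7b741e94e867c0a7370553fd01506c66 \
#       363c3c995bb38cf601f409610ce1937a0002c419 \
#       9FF03937 && tar xzf Unreal3.2.8.1.tar.gz
[ "$#" -eq 0 ] || verify_release "$@"
```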

Building

Once you've got the source code, decompress it (assuming it is a gzipped tar archive):

tar xzfv Unreal3.2.8.1.tar.gz

This will create a directory Unreal3.2 in /home/ircd/. Switch to this directory:

cd Unreal3.2/

Prepare for the compiling stage of the install by running UnrealIRCd's guided ./Config script:

./Config

You will see a welcome screen to the UnrealIRCd Configuration Program; hit Enter to continue. At this point, the Unreal 3.2.8.1 Release Notes will be displayed (e.g. General Information, ChangeLog, and so forth). Simply hit space a few times to scroll through the release notes and eventually it will tell you to hit Enter to continue; do so.

Pre-Build

This ./Config script helps set up how UnrealIRCd will be compiled on your specific system by asking twenty questions. The values provided in brackets [] are default values, and in most cases, are acceptable. Hitting the Enter key on your keyboard will accept the default value provided in the brackets.

We've included the list of questions here. A blank answer means we recommend using the default value (i.e. press Enter to continue). Questions that require you to input a value other than the default are in bold. We've also commented this list with hash marks (#).

Do you want to enable the server anti-spoof protection?
# more info: http://forums.unrealircd.com/viewtopic.php?f=1&t=6458
[No] -> Yes 

What directory are all the server configuration files in?
[/home/ircd/Unreal3.2] ->

What is the path to the ircd binary including the name of the binary?
[/home/ircd/Unreal3.2/src/ircd] ->

Would you like to compile as a hub or as a leaf?
Type Hub to select hub and Leaf to select leaf.
[Hub] -> Hub

What is the hostname of the server running your IRCd?
# Use an exterior (not LOCAL!) hostname; preferably a dynamic DNS hostname (get one from http://dyndns.org/, http://www.yi.org, or http://freedns.afraid.org/)
[yourlocalhostname] -> yourserver.dyndns.org

What should the default permissions for your configuration files be? (Set this to 0 to disable)
It is strongly recommended that you use 0600 to prevent unwanted reading of the file
[0600] ->

Do you want to support SSL (Secure Sockets Layer) connections?
[No] -> Yes

If you know the path to OpenSSL on your system, enter it here. If not leave this blank
[] ->

Do you want to enable IPv6 support?
# Type "Yes" here if your server/ISP supports IPv6; otherwise, default of No is fine
[No] -> 

Do you want to enable ziplinks support?
[No] -> Yes

If you know the path to zlib on your system, enter it here. If not leave this blank
[] ->

Do you want to enable remote includes?
[No] -> 

Do you want to enable prefixes for chanadmin and chanowner?
This will give +a the & prefix and ~ for +q (just like +o is @)
Supported by the major clients (mIRC, xchat, epic, eggdrop, Klient,
PJIRC, irssi, CGI:IRC, etc.)
This feature should be enabled/disabled network-wide.
[Yes] -> 

What listen() backlog value do you wish to use?  Some older servers have problems with more than 5, others work fine with many more.
[5] ->

How far back do you want to keep the nickname history?
[2000] -> 

What is the maximum sendq length you wish to have?
[3000000] ->

How many buffer pools would you like?
This number will be multiplied by MAXSENDQLENGTH.
[18] -> 

How many file descriptors (or sockets) can the IRCd use?
[1024] ->

Would you like any more parameters to configure?
Write them here:
[]->

Once you've answered all the questions the ./Config script will run a bunch of checks and prepare for the actual compiling of Unreal.

Since we asked for SSL support, the ./Config script will at some point ask to Generate an RSA key. Here, it asks for information including Country Name, State/Province, Locality Name [city], Organization Unit & Name, and Common Name.

The only really important thing here is Common Name. It should be the same as that dynamic DNS hostname you put in when you first ran ./Config. Once finished, it will congratulate you on your new certificate. To continue hit Enter.

If all the checks are successful, it will say so and tell you to run make. If it's unsuccessful (e.g. fails with some sort of error; or anything other than "Congratulations!"), visit #neoturbine on NeoturbineNET for help.

Compiling

Compile UnrealIRCd, just like the on-screen message says to, with:

make

This will compile UnrealIRCd source code to binary. When this step is complete (it can take anywhere from 1 to 30 minute[s], depending on processor speed), UnrealIRCd will be installed!

Configuration

The software configuration needed to get UnrealIRCd up and running mostly involves the unrealircd.conf configuration file that Unreal uses to set up all its links, operators (IRCops), and networking.

If you have a firewall, it may need adjusting so that UnrealIRCd can play nice with your clients and any servers you plan on linking to.

unrealircd.conf

The default configuration file (example.conf) that comes with Unreal is a pain to work off of. DO NOT even try to use it!

  • For now, you can use our pretty, commented UnrealIRCd configuration
    • This configuration file is somewhat tailored to the NeoturbineNET network, but we'd like to think that it's useful to anyone interested in Unreal.

UnrealIRCd 3.2 Official Documentation contains in-depth information for all of the configuration file's options.

If you want to join our network you will eventually have to visit Neoturbine HA for information on how to configure high availability.

Firewall

Poke some holes in your firewall to allow connections from clients and other servers. We recommend allowing access to the following ports to get UnrealIRCd working.

What Ports?

If you're using the example configuration linked in the unrealircd.conf section, unblocking 6667, 6697, 8067, and 7150 is highly recommended.

  • Client ports
    • 6667 - De-facto client port.
    • 8067 - Alternate port for client connections.
      • You don't need to unblock this; it's just a friendly thing to do for people who may be trying to connect from school/work where port 6667 could be blocked.
    • 6697 - SSL ("secure") client port. [This is what that whole certificate creation thing was about, in case you were wondering.]
  • Server ports
    • 7150 - Server linkage port.
      • If you're not joining a network and just keeping a standalone server without IRC services or any other servers, then you can keep this port closed.
      • If you ARE running services (such as Anope), but it's on the same computer as Unreal, you shouldn't need to unblock 7150 since you'll probably just be linking to localhost.

iptables

The most common Linux firewall is iptables. The commands to run (as root/with sudo) to unblock the above ports with iptables would be:

iptables -I INPUT -p tcp --dport 6667 -j ACCEPT
iptables -I INPUT -p tcp --dport 8067 -j ACCEPT
iptables -I INPUT -p tcp --dport 6697 -j ACCEPT
iptables -I INPUT -p tcp --dport 7150 -j ACCEPT

Listen for connections on privileged ports (<=1024)

Only root can listen for connections on or under port 1024. With iptables we can map low ports to higher ports that UnrealIRCd is already listening on.

echo mapping destination port 21 to 6697
iptables -t nat -I PREROUTING -p tcp --dport 21 -j DNAT --to 10.X.X.X:6697
iptables -I FORWARD -p tcp -d 10.X.X.X --dport 6697 -j ACCEPT

Users will now be able to connect to your ircd on port 21 as if they were connecting on port 6697 (SSL). UnrealIRCd remains safe as it is not running as root.

Note: If you use this and UnrealIRCd shuts down or doesn't start, any user on the system could start a daemon listening for connections on 6667 to gather/steal information from both ports 6697 and 21.

Throttle Non-SSL connections

When someone initiates a network flood they connect a few clones/zombies. With the following iptables lines they'll only be able to connect two clones/zombies every two minutes. All further connections on the non-SSL ports (6667, 8067) will be dropped (or, optionally, sent to the TARPIT). You should probably modify this to suit your normal connection load.

iptables -A INPUT -p tcp -m tcp --dport 8067 -m state --state NEW -m recent --update --seconds 120 --hitcount 2 --name DEFAULT --rsource -j DROP 
iptables -A INPUT -p tcp -m tcp --dport 8067 -m state --state NEW -m recent --set --name DEFAULT --rsource 
iptables -A INPUT -p tcp -m tcp --dport 6667 -m state --state NEW -m recent --update --seconds 120 --hitcount 2 --name DEFAULT --rsource -j DROP 
iptables -A INPUT -p tcp -m tcp --dport 6667 -m state --state NEW -m recent --set --name DEFAULT --rsource 
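
Rule order decides whether the throttle does anything: the ACCEPT rules earlier on this page are inserted with -I at the top of INPUT, so throttle rules appended with -A below them are never reached for 6667 and 8067. The added example below (not from the original guide; function names are illustrative) emits the same rules in an order where the throttle is evaluated first, and audits a rule listing such as the output of iptables -S INPUT.

```shell
#!/bin/sh
# Added example: order the throttle rules ahead of the ACCEPT rules, and
# audit a rule listing for that order. Function names are illustrative.

PLAIN_PORTS="6667 8067"   # non-SSL client ports from this guide
OTHER_PORTS="6697 7150"   # SSL client port and server link port

# emit_irc_rules SECONDS HITCOUNT
# Prints iptables commands for review; pipe to sh as root to apply them.
emit_irc_rules() {
    for port in $PLAIN_PORTS; do
        m="-p tcp -m tcp --dport $port"
        r="-m state --state NEW -m recent --name DEFAULT --rsource"
        echo "iptables -A INPUT $m $r --update --seconds $1 --hitcount $2 -j DROP"
        echo "iptables -A INPUT $m $r --set"
        echo "iptables -A INPUT $m -j ACCEPT"
    done
    for port in $OTHER_PORTS; do
        echo "iptables -A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
}

# throttle_order_ok PORT  (rule listing on stdin, one rule per line)
# Returns 0 only if a "recent --update ... -j DROP" rule for PORT appears
# before the first ACCEPT rule for PORT. Assumes single-port --dport rules
# like the ones on this page.
throttle_order_ok() {
    awk -v port="$1" '
        index($0, "--dport " port " ") == 0 { next }
        /-m recent/ && /--update/ && /-j DROP/ { if (!accept) drop = 1; next }
        /-j ACCEPT/ { accept = 1 }
        END { exit (drop ? 0 : 1) }
    '
}

# Constructed sample: the order produced by running this page's commands as
# written (-I ACCEPT first, -A throttle rules after).
PAGE_ORDER='-A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6667 -m state --state NEW -m recent --update --seconds 120 --hitcount 2 --name DEFAULT --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 6667 -m state --state NEW -m recent --set --name DEFAULT --rsource'

printf '%s\n' "$PAGE_ORDER" | throttle_order_ok 6667 ||
    echo "page order: throttle for 6667 is shadowed by ACCEPT"
emit_irc_rules 120 2 | throttle_order_ok 6667 &&
    echo "emitted order: throttle for 6667 is evaluated first"
```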

Back up iptables.conf

You might want to back up your iptables configuration. On Debian run:

iptables-save > /etc/iptables.conf

Also, on Debian, if you want your iptables config to survive a reboot, add this to your /etc/network/interfaces:

# your primary interface
iface eth0 inet dhcp
        pre-up iptables-restore < /etc/iptables.conf

NAT/Port Forwarding

If you're using your home connection and you have a home (wireless?) router such as a Linksys/D-link/Netgear - it's likely that the router is using NAT (Network Address Translation) which will require you to forward ports in the router.

You can get detailed step-by-step instructions on how to forward ports in your router at http://portforward.com/.

  • You'll be able to choose your make/model of router, then it should ask for the IP address and service you are interested in forwarding.
  • For the IP address, you can run the following command and go with the IP address listed directly after the text "inet addr":

ifconfig | grep 'inet addr' | grep -v '127.0.0.1'

The output will be something like:

inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0

If the IP address isn't 192.168.x.x, 10.x.x.x, or between 172.16.x.x and 172.31.x.x - you probably don't have NAT and shouldn't worry about any of this section.

  • For the service, just choose something like mIRC Chat.
  • Instead of the port numbers that portforward.com lists, create rules for each of the ports, listed above in the What Ports? section, that you intend to forward.

Starting

You'll want UnrealIRCd to start on its own at boot. The two major ways to have UnrealIRCd start automatically are:

  • The ircdchk script that comes with UnrealIRCd which checks if the ircd is running every 10 minutes
  • Start upon booting the computer

Having both methods set up is even better!

ircdchk

One way to automatically start UnrealIRCd is by using cron with the provided shell script (ircdcron/ircdchk). To add it to the crontab run:

crontab -e 

Add this:

0,10,20,30,40,50 * * * *   /home/ircd/Unreal3.2/ircdcron/ircdchk >/dev/null 2>&1

This script will check if UnrealIRCd is running every 10 minutes. If Unreal isn't running, then the script will start it.

The only problem with this is that if your machine reboots for some reason at 1 minute past the hour, Unreal will be down for nine whole minutes. So, it may be wise to make Unreal start on boot as well.

Boot-time

Starting Unreal automatically when your computer boots is done by adding a line to your /etc/rc.local file. You will need to be the root user, or at least have sudo privilege to do this.

Add the following line to the /etc/rc.local file, making sure that it comes above the "exit 0" line - if there is one.

su -c /home/ircd/Unreal3.2/src/ircd ircd

If your rc.local file doesn't exist in /etc/ - it probably has the same name, just somewhere else. Try running the command locate rc.local (as root/with sudo) to find it and replace /etc/ in the command above with the path to your rc.local file.

UnrealIRCd should now come up on its own, whether at boot or from the ircdchk script within 10 minutes.

Additional Information