FAQ - Frequently asked questions for FCT
----------------------------------------
So far, (nearly) _all_ problems reported with FCT depend on the
configuration of the HTTP-Server. So i give you these informations
for CGI configuration of an apache HTTP-Server.

Q0: FCT just doesnt work. I have done all you mentioned for installation.
A:  Read the rest of FAQ ;-)
    Maybe you want to >>disable any caching in your Browser<< to get the actual
    HTML-Pages generated by FCT every time!

Q1:I have problems with CGI. I get an error-message like:
   "Forbidden
   You don't have permission to access /Firewall/cgi-bin/fill_net_cfg.cgi
   on this server."
A: This occurs, when the access rights are not coorect, e.g. missing
   the x-bit for FCT/cgi-bin/*.cgi, or your HTTP-Daemon is misconfigured
   for CGI.
   Execute Install.sh to set correct access rights.
   Configure your HTTP-Daemon correct for CGI - see below.

Q2:I have problems with CGI. I get an error-message like:
   "Internal Server Error
   The server encountered an internal error or misconfiguration and was
   unable to complete your request."
A: This occurs, when the access rights are not correct, e.g. missing
   the r-bit for FCT/cgi-bin/*.cgi or an error occured while executing
   a cgi-script.
   Execute Install.sh to set correct access rights.
   Check the cgi-script, e.g. execute it by hand in a shell!

Q3:I have problems with CGI. The source-code is displayed by the HTTP-Server
   instead of executed.
A: Your HTTP-Daemon is wrong configured. CGI inst executed.
   Configure your HTTP-Daemon for CGI.
   Also, check that the access rights are set correct, see file INSTALL.

Q4: How must I setup httpd.conf ?
A: Here are my configuration entries for apache:
   httpd.conf:
   # --- new for FCT ---
   Alias /FCT /var/adm/FCT
   <Location /FCT/cgi-bin>
       Options +ExecCGI -Includes
       SetHandler cgi-script
   </Location>

   # we dont need this because SetHandler does the work!
   # To use CGI scripts without a ScriptAlias or SetHandler entry:
   # AddHandler cgi-script .cgi
   # ScriptAlias /FCT/cgi-bin/ /var/adm/FCT/cgi-bin/
 
Q5:How does CGI work, who do i configure apache for CGI?
A: See Q1-3 above.
   Some basic comments about CGI:
   - (some) CGI directories must be defined for the HTTP-Server
   -> <Location /FCT/cgi-bin>
          Options +ExecCGI
          SetHandler cgi-script
      </Location>
   -> The path '/FCT' is an alias (for the HTTP-Server) and points
      to the FCT installation directory, e.g. '/var/adm/FCT'
   -> Alias       /FCT          /var/adm/FCT

   - CGI scripts are in general executable scripts with HTML output
     or plain ascii output - for the later, the lines
     Content-type: text/plain
     ""
     must (!) be printed first.
   - all CGI scripts may be executed by hand in a shell

   - the scripts and the directory need rx-bits (read/execute) for the
     user-id of the HTTP-Server
   -> execute file Install.sh, maybe with user-id of httpd as parameter
      root# ./Install.sh -cgi wwwrun

   - The HTTP-Daemon needs a SIGHUP signal, when config files have been changed.
   
   - The HTTP-Daemon spawns aditional processes with the user-id defined in httpd.conf.
     So, in general, there is one httpd process owned by root and additional
     httpd proceses, e.g. owned by nobody or wwwrun or ...
 
Q6: How can i define the order of the services, they are always alphabetical sorted?
A:  Rename the services with a prefix, like i did with z10_ftp_passive and z11_ftp_active,
    to realize your own sorting, e.g.:
    a01_service1
    a02_service2
    b10_service3 ...

Q7: How can i use FCT with dynamic-IPs?
A:  - Set the Hostname in "Network" configuration to the whole range of possible IPs plus the
    hostname itself, e.g. hostname=firewall and dyn-IPs are 111.111.111.0-255:
    Hostname="firewall 111.111.111.0/24"
    - Alternatively you have to change the "Hostname" entry (See above) directly after you received
    your dyn. IP within an automatic script. I did this for ISDN-connections in the
    PPP-startscript /etc/ppp/ip-up.

Q8: Where can i place additional rules and personal settings?
A:  You have to setup/customize rules-files, which _must_ begin with an Uppercase-Letter.
    The default is LOCAL.rules for this purpose, also Auth.rules and Gateway.rules can be
    used, or add you own ones. Do not change: General.rules, Firewall.rules and Trusted.rules!


