canabix67 Tux's lil' helper
Joined: 27 Jul 2006 Posts: 106
Posted: Mon Aug 31, 2009 1:43 pm Post subject: [Talk] Server project <<NOOB INSIDE>>
Hi all,
Here I come today with yet another project.
However, I'm going for something a bit more realistic this time.
Ok here I go then...
I'm planning to buy a Laptop for the family..
Just simple emailing, web surfing, maybe a bit of multimedia, but nothing fancy, but that's not the point.
Laptop that will be running windows however.. :/ Yeah Girlfriend still struggling with Linux.
Anyhow, I have a desktop at the mo that runs Gentoo, obviously, that goes like that:
Athlon XP1800+
500Mo Ram
1 Network card
1HD 20 Go
1HD 80 Go
DVD Burner
So here is the plan, I want to use this desktop computer which is becoming oldish,
as a server for other computers in the house.
Here is what I wish for:
1/ DNS Server
2/ Web content filtering (a kid will be using the laptop)
3/ Firewall
4/ Antivirus for the windows machine
5/ Email server
6/ File server <= If I buy a new HD
7/ Printing server
This computer will be in the basement it will therefore need to be accessed remotely from the "windows" laptop.
Here is what I'm thinking about... and from there, I've got lots of questions!!
1/ DNS Server, I'm thinking about SQUID which seems to be reasonable.. Is that the best choice?
2/ What is a good choice for content filtering? It needs to have separate logins so that I can access web pages the kid cannot for example...
3/ I guess iptable is the basic, but is there something else out there I can use??
4/ Does that exist at all?? What I want is an antivirus installed on the server that could check the other computers regularly..
5/ Is that really useful?? If I don't have a domain name, I guess that's useless isn't it?
7/ SMB + CUPS will do the trick I guess...
On top of that, obviously, security, stability and ease of use is the key to this project.
Another question is, can I access my server from a windows computer remotely? don't need any graphical login, the console will be sufficient I guess.
Regarding the hardware, I've understood that it was better to have 2 different networks and therefore 2 network adapters in the server...
So I plan to buy a second network adapter (no big deal) and to use then my wifi router to connect the laptop...
I'm still looking at different websites, how to's and just testing stuff on the machine at the moment.
I just wished to share this project with you guys so that I can get some feedback from "specialists" and maybe give you my humble feedback.
Looking forward to read you...
Talk to you soon.
BTW: yes I consider myself as a noob even though I've been using Gentoo for a while...
BTW2: If that post is in the wrong area, feel free to move it mods... ) _________________ If my answers frighten you then you should cease asking scary questions.
Mousee Apprentice
Joined: 29 Mar 2004 Posts: 291 Location: Illinois, USA
Posted: Mon Aug 31, 2009 4:54 pm Post subject:
I've done something similar recently, though not for the same reasons, by converting a Pentium II 400mhz box with 384megs of ram into a home router.
My setup is this (sorry if some of what I say is a bit over your head.. you'll get there eventually too ):
Hardware:
- 3 NICs: 2x 10/100mbit, 1x Gigabit NIC
- 1x Linksys WRT54G Wireless router (acting as a hub for the 100mbit network)
- 1x 8-port Gigabit switch
Software:
- Normal Stage3 Gentoo Install w/ march=i686 CFLAGS (to allow other boxes to help compile via distcc)
- DNSMasq: Lightweight DNS Cache and DHCP Server. Works amazingly well and was super easy to setup/configure. Also essential in getting my network compatible with Windows File/Printer Sharing.
- Samba: Using minimal USE flags as I'm doing no printer sharing, I was able to configure Samba as a WINS server to allow detection of my Windows Shares across my subnets (something you won't need though as I imagine you'll only have 1 subnet).
- IPTables: The most widely supported and easy to use firewall option out there. I configure everything by hand, but you can install something like Shorewall along with Webmin afterwards to get a very nice GUI for your firewall rules (it automates the process a bit too).
- Dropbear: Instead of using the default sshd provided by the OpenSSH package, which IMO is quite bloated for a home router, dropbear is a nice, lightweight sshd alternative to login and maintain the router. This is how I would personally access my router remotely (from Windows) if I had to. Just open a port in your firewall (iptables) for it on the WAN and there you go.
- Webmin: I don't use it or have it turned on at boot, but sometimes it's easier to explain things to other people with a GUI... *sigh*. It has a nice Shorewall interface though and I've been considering using that to monitor traffic across my router.
- RRDTool: To monitor network traffic and the like - see below.
- Lighttpd: Again something I don't require or have turned on at boot, but I've set it up along with a trimmed version of PHP to enable me to view network traffic and other such statistics via web interface. In particular I use a php stats page called VPSInfo and a couple CGI scripts to monitor network traffic and harddrive temps.
- Smartmontools: Used to monitor my harddrive which I believe is dying. It takes up minimal overhead and is easy to setup so no reason not to have it running.
Besides a drive issue with my Gigabit network card that I spent a day researching to fix, this entire setup took maybe 3 days (with daily life happening in between obviously), including compiling all of the tools and such. Now it's happily churning away in my room... waiting to be moved back into the frontroom, heh. Just be sure you give yourself sufficient time to prepare for setting up the server BEFORE you go to set it up as a router. Once you decide to make it a router, no one is going to have internet access while you plug it in to the cable/adsl modem (or whatever) and configure it. I wrote my IPTables rules, setup my conf.d/net file, and all of that fun stuff before I went ahead and plugged my router in directly to the cable modem. Made things a lot easier... though I'm sure you could always unplug it if things go bad too
Anyways, the Gentoo Wiki has a rather nice guide for exactly what you're trying to do in fact and would cut down on your research time significantly: http://en.gentoo-wiki.com/wiki/Home_Server
EDIT: As to your questions... eh.
- 1) No. SQUID is essentially a web caching service, not a DNS service. It can cache DNS requests much like DNSMasq, but doesn't work the same way and doesn't provide DHCP services (which you will need).
- 2) Unfortunately I've never had to deal with that issue, so I'm not sure there. I know I've seen articles around the forums before on it however. Squid, if anything, would be what you're looking at but I have no idea how to set that up to filter such content. EDIT: Found this via quick Google search and it seems to work for what you want: http://www.slack-tux.org/howto/setup-content-filtering-with-dansguardian/
- 3) See my comment above about using Shorewall with Webmin. Those tools, combined with Iptables, is probably what you're looking for.
- 4) Nothing that I'm aware of that isn't a corporate-level software (and thus expensive). Again someone else may have more info on that.
- 5) It wouldn't be wise to set one up at home, no. For multiple reasons really - typically involving your ISP's restrictions and how other email servers will see your own mail server (or more specifically how they'll react to your IP address/range). Perhaps if you had a mail server setup somewhere else you could use your home mail server to forward emails to it, but again I don't see any real use or reason for it.
- 6) Covered under the guide I posted above also - which includes anti-virus scanning if you decide to use it too.
canabix67 Tux's lil' helper
Joined: 27 Jul 2006 Posts: 106
Posted: Mon Aug 31, 2009 5:12 pm Post subject:
Really interesting... Thanks for the input...
I just noticed I made a mistake... I said DNS but thought Proxy...
I have to say I'm a bit lost now... I pretty much know what a Proxy is... But I'll check what DNS is now... :/
/me Noob... )
Well Proxy seems to be pretty much like a DNS isn't it?
I think I'll go for IPTables anyways as it's in the kernel and seems the best bet for firewall...
I'm relieved about the access stuff from windows... ) and shall explore Dropbear a bit more...
Thanks for the link... I'll read that ASAP.... _________________ If my answers frighten you then you should cease asking scary questions.
Mousee Apprentice
Joined: 29 Mar 2004 Posts: 291 Location: Illinois, USA
Posted: Mon Aug 31, 2009 7:21 pm Post subject:
canabix67 wrote: |
Well Proxy seems to be pretty much like a DNS isn't it?
|
Heh, no they're quite different actually. A proxy (server) essentially takes requests from one (client) computer and after filtering those requests, seeks out and delivers the resources that (client) computer is requesting from other servers. It would be like me asking you to get me a cup of coffee. I could get it myself, but let's say for some reason it was faster or safer for you to get the cup of coffee for me, thus I would have you do it instead. In the process of delivering the coffee to me though you find there's a piece of paper floating in the coffee and remove it before giving me the coffee. A DNS server works differently in that, in the case of the coffee example, you aren't delivering the coffee to me but giving me exact directions as to where I can go and get it. If there's a bug or piece of paper in my coffee when I get it, I have to filter that out myself. Granted this is a stretch on the reality of what a DNS server actually provides. A DNS server knows how to get to places on the internet, like www.google.com, and when your computer makes a request to get there it tells your computer how to get there. That is a very simple and basic explanation of the differences between the two anyways.
The reason why I suggested DNSMasq is because I thought I'd understood you wanted to make your server into a router (thus the extra network card?). If that is indeed the case then DNSMasq would truly be the easiest and most simple program to install to cover what you'll need to do so (besides iptables). If you read that Home Server guide from the Gentoo Wiki I linked, it should give you an idea of why you need to use it.
Quote: |
I think I'll go for IPTables anyways as it's in the kernel and seems the best bet for firewall...
|
Well it's supported in the kernel yes, but you still have to "emerge iptables" to install the software to use it
Quote: |
I'm relieved about the access stuff from windows... ) and shall explore Dropbear a bit more...
|
Don't worry a great deal about Dropbear until after you get your server working. I like it cause it uses a lot less memory than the default sshd, as I said.
If you'd like to try it out though and compare, you can install it and disable the old sshd by doing the following from a physical terminal aka keyboard & monitor (without ever removing the old sshd server mind you, so you can always go back):
- emerge -av dropbear
- /etc/init.d/sshd stop
- /etc/init.d/dropbear start
Again I wouldn't worry much about it though.
canabix67 Tux's lil' helper
Joined: 27 Jul 2006 Posts: 106
Posted: Tue Sep 01, 2009 8:47 am Post subject:
Wooaoo!!
Thanks for that... I now really understand what we're talking about...
But I'm still a bit lost in the way that I now don't know what I need...
My first guess would be, I need both... I need a DNS to tell me where the coffee is and
a proxy that checks that the coffee is clean... Is that correct?
What would be the advantage of having my own DNS? is it quicker? safer?
I've already used a proxy and a content checker, so I pretty much understand the advantage of having my own proxy,
but a DNS... I'm a bit confused...
Then again, I'm wondering if that can be used in the same box...
In fact, I think I'll have to specify my needs first before I go any further.
I think I don't really need a router, but more something like a gateway...
But, again, I guess this could be all-in one couldn't it?
Another question I'm thinking about... I read the link you gave me (quickly) and
understood that I needed a switch and not a router to connect my LAN to the router box
which is then connected to WAN.
However, I'm thinking about that hardware architecture:
WAN -- NIC1 -- [Gentoo box] -- NIC 2 -- LAN router + wifi -- Computer LAN
My problem is that I will need wireless for the laptop and as the box will be in the basement,
I need that router to connect the wirelessly don't I? Could that configuration work at all?
Again, thanks for your input... it's just really great! _________________ If my answers frighten you then you should cease asking scary questions.
Mousee Apprentice
Joined: 29 Mar 2004 Posts: 291 Location: Illinois, USA
Posted: Tue Sep 01, 2009 12:03 pm Post subject:
Heh, glad I could help you out
Judging by the network layout you showed me here:
Quote: |
WAN -- NIC1 -- [Gentoo box] -- NIC 2 -- LAN router + wifi -- Computer LAN
|
Then yes, you'll definitely be creating a router out of the Gentoo box.
It's the same concept as using your current LAN/Wifi router. I'm not going to go into a rather long explanation as to why you need a router versus a gateway though, you'll have plenty of time to read up on routers versus gateways and such later I'm sure
Anyways!
Using DNSMasq you really aren't setting up your own DNS server exactly...
DNSMasq works like a "DNS Forwarder". The difference between the two is a bit technical... but I'll try to explain. Let's go back to the coffee example. When I explained DNS servers in the coffee example, I said that they provide you with the directions to get places and not the content of those places themselves. A "DNS Forwarder" doesn't actually store the knowledge itself of how to get to Point A to Point B, but instead makes the requests elsewhere and returns the results. In the case of DNSMasq it will also "cache" your most recent requests so that when you make them again, they're even faster!
So putting this into terms of our coffee example: You are the "DNS Forwarder" and I explain to you that I'm interested in a triple espresso. You tell me that you don't know of any place to get them but you do know someone that might, so you make a call and get the directions to a coffee shop that offers triple espressos, and then pass those directions on to me. You also keep a note of the directions in your pocket just in case I or someone else asks you again.
That, in essence, is what's going on. The reason why you're using DNSMasq in this case over a DNS server is because DNSMasq provides two services in one (DNS Forwarding and DHCP), is much easier to configure and use, and uses far less memory than most current DNS servers. Also to clarify, DHCP services give each computer in your local network an IP address and potentially a hostname (ie. Client1, Client2, etc).
Now your proxy server comes into play for your content filtering/parental control. The link I provided in my first post to "dansguardian" I believe is exactly what you're looking for. You'll have to ignore the source compiling part of the guide, since you can just type in "emerge dansguardian squid" and get both packages from portage, but otherwise the guide should work just fine to get you a decent content filter. Also to note, Webmin has an interface for both Squid and Dansguardian I believe.
As to your final concern about needing a wireless router, what I would do personally, is either connect a Switch/Hub to your NIC2 and then hook up your old wireless router to that, or it might work to hook up the wireless router directly to NIC2 and then use its available ports for the rest of your LAN. It would look something like one of these two diagrams (the plus sign (+) simply means you have multiple outputs coming out of the switch/hub, 1 going into the wireless router and one going into the other LAN clients... I just can't draw it in text lol):
Code: |
WAN -- NIC1 -- [Gentoo Box] -- NIC2 -- Switch/Hub + Wireless Router and Other LAN Clients
|
Code: |
WAN -- NIC1 -- [Gentoo Box] -- NIC2 -- Wireless Router + Other LAN Clients
|
Either way should work just fine, though it may depend on how your wireless router works. Make sure if you do go with this configuration to plug in the ethernet cable going from NIC2 (or the switch/hub) to the wireless router into the port on the wireless router that you normally plug your WAN into. Typically it's the port that's separated from the other ones.
Hopefully that answers most of your questions...
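Added example, not part of the thread and not written by either poster: a shell script that generates an iptables-restore ruleset and a dnsmasq.conf for the WAN -- NIC1 -- [Gentoo box] -- NIC2 -- LAN layout discussed above, with dnsmasq, SSH and the content filter reachable from the LAN side only. The interface names, address range and function names are assumptions; 8080 is DansGuardian's default filter port.

```shell
#!/bin/sh
# Added example for: WAN -- NIC1 -- [Gentoo box] -- NIC2 -- LAN.
# Interface names and the address range are assumptions, not from the thread.
WAN_IF=eth0                # NIC1, towards the modem
LAN_IF=eth1                # NIC2, towards the switch / wireless router
LAN_NET=192.168.10.0/24    # constructed private range
DHCP_RANGE=192.168.10.50,192.168.10.150,12h
# Ruleset in iptables-restore format: default drop, services on the LAN side only.
gen_firewall() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# dnsmasq: DNS forwarding and DHCP for LAN clients
-A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
# SSH (dropbear or sshd) and the DansGuardian filter port (8080 by default)
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 8080 -j ACCEPT
# Plain HTTP has to go through the filter; other LAN traffic is routed out
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 80 -j REJECT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# dnsmasq.conf: answer DNS and DHCP on the LAN interface only.
gen_dnsmasq() {
cat <<EOF
interface=$LAN_IF
except-interface=$WAN_IF
bind-interfaces
domain-needed
bogus-priv
cache-size=1000
dhcp-range=$DHCP_RANGE
EOF
}

# Audit: read a ruleset on stdin, print INPUT rules that open a port
# without being tied to the LAN interface (i.e. reachable from the WAN).
wan_reachable() {
    grep -e '^-A INPUT' | grep -e '--dport' | grep -v -e "-i $LAN_IF " || true
}
gen_firewall; gen_dnsmasq
gen_firewall | wan_reachable    # prints nothing: no service port faces the WAN
```

The generated ruleset can be piped into `iptables-restore`; HTTPS on port 443 is still forwarded directly and is not seen by the filter.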
canabix67 Tux's lil' helper
Joined: 27 Jul 2006 Posts: 106
Posted: Tue Sep 01, 2009 1:09 pm Post subject:
That's just brilliant!!!
You're the man when it comes to explaining how to get coffee!!! LOL
Well it's all a bit clearer... now let's get to work ;o)
I shall post my experience here and hopefully continue sharing experience with you and who knows maybe others! LOL
Need to find a laptop too I guess... _________________ If my answers frighten you then you should cease asking scary questions.
Mousee Apprentice
Joined: 29 Mar 2004 Posts: 291 Location: Illinois, USA
Posted: Tue Sep 01, 2009 2:00 pm Post subject:
lol funny thing is I don't even like coffee that much :p
Anyways, good luck and post if you have any issues or more questions...