Gentoo Forums
Networking & Security
Setting Up A Server

gentoo_newguy
Guru

Joined: 10 Oct 2006
Posts: 539

Posted: Fri Oct 24, 2008 1:15 pm    Post subject: Setting Up A Server

Hi, I just got my hands on an old Dell PowerEdge 1650.
I want to set up a server which I am able to VPN into from a remote location.
I also want to be able to ssh and file share so I am able to access my files wherever I am.
Could anyone recommend a good server guide I could use to get this going?

nurachi
Tux's lil' helper

Joined: 16 May 2008
Posts: 92
Location: Paris

Posted: Fri Oct 24, 2008 1:22 pm    Post subject:

You may have a look at the gentoo wiki (http://gentoo-wiki.com/) which contains a lot of tutorials. Unfortunately it looks down today.
Google is also your friend.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Fri Nov 14, 2008 2:41 pm    Post subject:

Do you want to treat the installation as a proper server installation or a workstation? If the machine is exposed to the 'net, you'll probably want a hardened profile, hardened sources, no?

If server is what you want, look
http://dev.gentoo.org/~solar/server-standards.xml
edit----
This guide is pretty old, though I did extract information from it for a server I built last year
/edit----

Either way, http://www.gentoo.org/doc/en/security/security-handbook.xml is a great document to have on hand.

Also, can I see an lspci on your 1750? I've got a 1600SC I'd like to compare it against.


Last edited by minor_prophets on Fri Nov 14, 2008 3:35 pm; edited 1 time in total

gentoo_newguy
Guru

Joined: 10 Oct 2006
Posts: 539

Posted: Fri Nov 14, 2008 2:50 pm    Post subject:

Hi, yes, I would like it to be a proper server.
I want it to be live on my home network.
If possible I would like it to provide VPN access to my network and also be used as a firewall / router.
Thanks for the guide as well.
May I ask why pop3 and imap should never be run? Don't these provide mail?

Any ideas.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Fri Nov 14, 2008 3:28 pm    Post subject: moved to chat?

In the wake of the Gentoo-wiki hostage crisis, there is another source for valuable documentation. The mother lode of official 'too documentation:

http://www.gentoo.org/doc/en/list.xml

Are you planning on running a mail server on the 1750 as well? btw-I'm still interested in an lspci on your machine.

Also, you say File Share and ssh in the same breath. You can secure copy (use the scp command), which comes w/ ssh, using ssh over vpn. If you meant another means of file sharing as well, what did you have in mind? Details, please.

gentoo_newguy
Guru

Joined: 10 Oct 2006
Posts: 539

Posted: Fri Nov 14, 2008 3:55 pm    Post subject:

Nah, not planning to run a mail server.
I was just reading through the security documentation.

When I next boot up the machine I will post an lspci for you.
I just want to be able to access my network from a remote location and maybe share files between the two networks (I know this can be slow) but that's what I'm after.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Fri Nov 14, 2008 4:16 pm    Post subject:

A basic security tenet is: never run more services than you absolutely need. Obviously, running two additional services which you are not using increases your insecurity (both computer and your inner-facing network). That document goes over it a bit (example: don't install X).

Dammital
Apprentice

Joined: 05 Nov 2004
Posts: 189

Posted: Fri Nov 14, 2008 4:59 pm    Post subject:

minor_prophets wrote:
never run more services than you absolutely need

I'll agree with minor_prophets, and add my own stream of consciousness.

If you intend to build a firewall, you should consider a standalone box. I installed OBSD on a Soekris 5501: low power requirements, no hard drive to fail (it uses a CF). If you must you can install a HD but I don't find it necessary.

Your 1650 is slow, but is probably reliable. If it is not filled to 4GB yet then you should plan to pay $50/GB for registered memory. More memory is always useful.

Compartmentalizing services is a good idea if you also use the 1650 as a firewall, so take a look at Xen. (Note: Xen is a nontrivial exercise.)

gentoo_newguy
Guru

Joined: 10 Oct 2006
Posts: 539

Posted: Fri Nov 14, 2008 5:07 pm    Post subject:

May I ask why the firewall should be on its own box?
I may do this if you think it's a better idea. What about the VPN, how should I go about doing this?

Dammital
Apprentice

Joined: 05 Nov 2004
Posts: 189

Posted: Fri Nov 14, 2008 5:28 pm    Post subject:

Your firewall should be virtualized or physically isolated from the rest of your network. If someone compromises your Joomla server (say) you don't want to give that person the keys to your whole network.

Expose as few services to the outside as you can. Give your servers RFC1918 IP addresses and NAT them.

Until you've run your own firewall and inspected the logs you have no idea how rough it is out there. People hammer your NAT filtering router all the time and on a variety of ports. Distributed dictionary attacks on ssh, telnet and ftp ports. Vestiges of Code Red buffer overflows against web servers. Microsoft netbios exploits. Open port probes. Kazaa, Morpheus, Napster, Gnutella, what-have-you probes. Spiders that don't respect the ROBOTS convention. Others.
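
What the ssh dictionary attacks mentioned above look like in an sshd log, as an added example that is not part of the original post: it counts failed logins per source and per account over a constructed sample log, so that low-rate guessing spread across many addresses shows up alongside a single noisy address. The thresholds, host name and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format (not taken from the thread).
SAMPLE_LOG = """\
Nov 14 17:01:02 gw sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Nov 14 17:01:04 gw sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 40118 ssh2
Nov 14 17:01:06 gw sshd[2105]: Failed password for invalid user test from 198.51.100.7 port 40125 ssh2
Nov 14 17:01:08 gw sshd[2107]: Failed password for invalid user guest from 198.51.100.7 port 40131 ssh2
Nov 14 17:01:10 gw sshd[2109]: Failed password for invalid user oracle from 198.51.100.7 port 40139 ssh2
Nov 14 17:09:41 gw sshd[2150]: Failed password for root from 203.0.113.5 port 51515 ssh2
Nov 14 17:12:03 gw sshd[2161]: Accepted publickey for alice from 10.0.0.12 port 50022 ssh2
Nov 14 17:20:17 gw sshd[2188]: Failed password for root from 203.0.113.77 port 33810 ssh2
Nov 14 17:31:55 gw sshd[2203]: Failed password for root from 192.0.2.44 port 60001 ssh2
Nov 14 17:40:09 gw sshd[2214]: Failed password for alice from 10.0.0.12 port 50140 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def analyze(log_text, per_source_limit=5, distributed_sources=3):
    """Flag noisy single sources and accounts guessed from many quiet sources.

    Both thresholds are illustrative assumptions, not recommended values.
    """
    by_source = defaultdict(list)  # source IP -> usernames it tried
    by_user = defaultdict(set)     # username  -> source IPs that tried it
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            by_source[src].append(user)
            by_user[user].add(src)
    # Classic brute force: one address, many failures.
    noisy = sorted(s for s, users in by_source.items()
                   if len(users) >= per_source_limit)
    # Distributed guessing: each address stays under the per-source limit,
    # but together they hit the same account from many places.
    distributed = {}
    for user, sources in by_user.items():
        quiet = sorted(sources - set(noisy))
        if len(quiet) >= distributed_sources:
            distributed[user] = quiet
    return {"noisy_sources": noisy, "distributed_targets": distributed}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A per-address rate limit alone only catches the first pattern; the per-account view is what exposes the distributed one.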

gentoo_newguy
Guru

Joined: 10 Oct 2006
Posts: 539

Posted: Fri Nov 14, 2008 5:31 pm    Post subject:

Whoa, that was a bit immense for me but I can see where you're coming from.
So I'm going to start off by building a firewall.

I'm going to use a 3 gig hard drive, do you think that's big enough?
Then should I follow the home router guide?
Or do you have a better suggestion?

Dammital
Apprentice

Joined: 05 Nov 2004
Posts: 189

Posted: Fri Nov 14, 2008 7:30 pm    Post subject:

As I indicated above, I put OpenBSD in a Soekris 5501. Takes as much space on my shelf as an ethernet switch, runs cool, low power requirement, contains no hard drive. Took me about an afternoon, but I'd had some OBSD exposure beforehand. You'd also have to familiarize yourself with PF, the OpenBSD packet filter.

If you want to run Linux as your firewall/router, take a look at http://openwrt.org/. OpenWRT was originally crafted to run on the Linksys WRT54G, but will also run on other consumer-grade routers. That might be a cheaper way to get a full-function Linux router.

Finally if you're determined to build a Gentoo Linux firewall (we are after all here in a Gentoo forum) the Handbook currently says you need at least 1.5GB disk space. By all means, go for more.

Dammital
Apprentice

Joined: 05 Nov 2004
Posts: 189

Posted: Fri Nov 14, 2008 7:35 pm    Post subject:

Oh, you also asked about VPN.

IPsec is a complex beast that I haven't mastered. But I find I don't really need it -- ssh with port forwarding is more than enough to satisfy my needs for getting into my home systems from the world beyond.

(It is by the way great fun to have a fellow geek look over your shoulder to see an emacs instance running on your cell phone.)

gentoo_newguy
Guru

Joined: 10 Oct 2006
Posts: 539

Posted: Sat Nov 15, 2008 12:04 pm    Post subject:

I had a look at that little device and I think I want to buy one.
Is it possible to put Gentoo on it?
How do you even go about installing an OS onto it?

This may be a lot more cost effective and save me a whole machine.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Sat Nov 15, 2008 2:56 pm    Post subject:

Speaking of Linux firewalls, if you have an existing Linksys wrt54g device, have a quick look over at http://www.dd-wrt.com/dd-wrtv3/index.php . Basically, with openwrt (I have little experience with this but it operates similarly to dd-wrt) and dd-wrt (have 2 devices running current firmware as I speak) you can turn that $40 router into a $500-600 piece of hardware.

Having a firewall at your perimeter does not mean that you should not run a firewall. Look at iptables for your linux boxen. There are a couple really good threads in this forum that got me started.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Sat Nov 15, 2008 2:57 pm    Post subject:

Also, have a look at the IPCop distro. Runs on minimal hardware. Just need to have 2 NICs (or more, of course) is all.

Dammital
Apprentice

Joined: 05 Nov 2004
Posts: 189

Posted: Sat Nov 15, 2008 4:53 pm    Post subject:

gentoo_newguy wrote:
I had a look at that little device [Soekris 5501] and I think I want to buy one.
Is it possible to put Gentoo on it?
How do you even go about installing an OS onto it?

I haven't done it but others have: google for "soekris gentoo".

My 5501 has a 4GB CF card that it uses for a "hard drive" (yes, I over-bought but I got what was a good deal at the time). I do very few writes to the CF; the mandatory OpenBSD swapfile is allocated to a ramdisk.

It is possible to install a small hard drive in the 5501 case, but you might have to struggle with connectors and mounts. You should spend some time perusing the Soekris mailing list archive before you make your purchase so that you understand what you'd be getting into.

The 5501 is not a consumer system, and has no display adapter or sound card. It will never run MS-Windows. It will run xBSD and Linux, and it is a neat little networking appliance, with four ethernet ports, two serial console ports, and sundry SATA/IDE/USB/PCI connectors.

It is possible (I guess) to make a bootable system on a CF card from some other machine, transplant the CF card into your Soekris, and boot it there. But I think most people perform a network installation. The 5501 supports PXE boot, so you can boot (say) a minimal system from a server on your network, and then do all the installation from the Soekris itself. That was quick and easy to do with OpenBSD binaries, which is one reason I chose OpenBSD for that box.

minor_prophets is giving you some good advice, too. Look at the projects he suggests before making a decision; they each require varying amounts of expertise, and some are more expensive than others. It depends on your budget and what kind of learning experience you are up for.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Sun Nov 16, 2008 12:21 am    Post subject:

Damnitall,

I don't *need* a Soekris 5501, but it looks like a fine product and I would like one. 8O

Have messed around with IDS on that hardware yet?

Dammital
Apprentice

Joined: 05 Nov 2004
Posts: 189

Posted: Sun Nov 16, 2008 5:21 am    Post subject:

minor_prophets wrote:
Have messed around with IDS on that hardware yet?

No, I haven't implemented IDS. It's on my ever-growing list of things to do.

minor_prophets
Apprentice

Joined: 07 Oct 2007
Posts: 281

Posted: Mon Nov 17, 2008 2:29 pm    Post subject:

The more time ya give her, the more she demands. And, it gets exponentially worse, the more machines you have around you. :lol:

All times are GMT