September 18, 2007

HomeServer part 3

I have been away from the post a couple of days. Other things had more urgency and/or priority.

Continuing on the HomeServer project:

I have had a look at the harddisk which will hold the very first instalment of the HomeServer project and although I thought I had an 8 GB drive it seems that it is only a 4.3 GB drive. This does not stop the project as this - initially - is more than we need.

Software needed:

First off, we need a base on which to build everything. As this blog is on Linux you have probably guessed that I will not choose Microsoft Windows (tm) for this project. But almost any *nix would be an excellent choice. Maybe one of the *BSDs around would have been the obvious choice, but as I have no experience with BSD I would rather not choose that. Which leaves us with: Linux.

I have tried a few Linux distributions and they have all made their contribution to making Linux a better product. But I am going to select Ubuntu (http://www.ubuntu.com) for the job. This choice is made on the basis of three major reasons.

1. Ubuntu is based upon Debian, which has a reputation as a conservative but rock solid distribution that is well proven and tested. Ideal for a server.
2. Ubuntu has newer versions of software bundled than Debian. You might say that Ubuntu is a solid performer with an edge.
3. Ubuntu uses the .deb packaging system for updates.


The firewall
Linux has built-in firewall and routing capabilities right out of the box: ipchains up to kernel 2.4 and iptables since the 2.3 kernel series. Administering netfilter, though, can be quite tricky and complicated.

I am currently researching shorewall and will post my findings in a later blog.

September 14, 2007

HomeServer Part 2 - Planning continued

The requirements for my particular HomeServer are as follows:
  • Firewall (including routing of possible multiple networks)
  • Virtual Private Networking
  • E-mail scanning
  • Intrusion Detection
  • SMB storage for Windows boxes
  • NFS storage for *nix boxes
  • Backup of above storage
  • HTTP Proxying
  • Web server with server side scripting (for administration module + development of dynamic web pages)
  • Database (for development of database driven websites)

Hardware requirements:

The firewall in itself does not require much in system hardware. My Pentium 133 had only 32MB of memory and an 8 GB harddrive, and it had an idle rate of more than 98 per cent. Running multiple VPN connections *will* need processing power.

The HTTP Proxy database and the webserver will need plenty of memory - the more the merrier.

The storage area (which will be accessible from both *nix (NFS) and Windows) needs space and preferably the infrastructure to run with some kind of redundancy. Again, the more memory that is available, the bigger the chance will be that the required piece of storage will be in memory.

Backup will be burned onto CD and DVD.

As I don't have any funds, that will influence the hardware setup. The current storage is an 8 GB harddrive, the CPU an older Pentium.

Personal note : I will be out all day tomorrow attending a wedding so there will only be a small blog if any.

HomeServer Part 1 – Planning

When you want to have yourself a (new) server you can always just jump into action without planning ahead and just making decisions as the need arises. But if you decide to plan ahead, you will find that everything will run smoother and that there will be fewer areas which you will not have thought through or even completely missed.

Of course you will not be able to foresee all problems and challenges, but the mere act of planning systematically will reduce the number of problems, their severity and the challenge of overcoming them.

It will also help you with the schedule and quality control of your project.

The plan should contain the goal or mission of your project. You need to define a main goal and perhaps some secondary goals. Each of these can then be divided into sub goals that, when all fulfilled, will fulfill the main goal. Each of the sub goals can then again be divided into sub goals. Keep dividing the goals until each is well defined and has a measurable fulfillment requirement.

This technique is also called divide and conquer.

Now this document of goals and sub goals is not set in stone once you have written it. As you work your way through your project you may find that you need to amend, add to or refine these. This is in itself not a failure, merely a reflection of a changing world as well as of your acquiring more knowledge and skills.

To put this technique into practice in our little project we can define the following super, main and secondary goals:

Project : HomeServer

Super goal :
  • Support and secure the IT needs of a SOHO (Small Office/Home Office)

Main goal :

  • Secure the local network from attacks coming from both the internet and the local network (i.e. firewall/routing, perhaps email scanning)

Secondary goals :

  • Provide easy and secure storage of data (Fileserver and Backup of data)
  • Easy administration


If we break down the main goal into sub goals this could be:

Main Goal : “Securing the local network from attacks”

  • Firewalling : Define rules for packets going through our system. Which ones will we allow? What to do with the ones we will not allow?
  • Routing: In case of multiple networks (i.e. in a larger setup), which packet goes where? Differentiated rules for different networks: secure, intermediate and open networks, DMZ (DeMilitarized Zones) for public or intranet services.
  • Intrusion Detection: Help prevent our system from being compromised and aid in the investigation of attempts and incidents of intrusion.
  • Virus protection: Scanning of incoming and outgoing mail, scanning of storage for viruses, spyware, trojans etc.

Secondary goal: “Provide easy and secure storage”

  • Provide Windows boxes (and other boxes) with remote storage. (e.g. through Samba)
  • Provide *nix boxes with remote storage (e.g. through NFS)
  • Provide regular and reliable backup of remote storage

Secondary goal : “Easy Administration”

  • Provide a simple interface, accessible on many platforms, to administer and supervise the system, tailoring the information level to the given user.

In part 2 we will continue with the planning, making it more detailed and concrete with our project in mind.

Later parts will include choice of hardware, software and policies. We will also take a look at setting up (some of) the software chosen.

September 11, 2007

New Firewall?!?

As my trusty old Pentium 133 died not too long ago I am in the process of building a new firewall. The old firewall is temporarily replaced by a 700 MHz Celeron running with the same harddrive and setup that ran on the 133.

The 133 had a friend in a 233 Pentium MMX which did the fileserving, http-proxy etc job. Both of these are now retired and in the process of being replaced by a single machine. Until I get my hands on some new hardware the semi old Celeron (bought back in 1999 or 2000) which is actually my parent's machine will perform as a stand-in.

The old firewall/server pair ran Debian with 2.4_bf kernels. And as the Celeron just "inherited" the disk from the old firewall it still runs the 2.4 Debian kernel. When time allows I will be building a new boot drive to replace it. This drive will replace the Debian now running on the interim 700 MHz Celeron. It will also be the boot drive of the new system.

The choice of distribution for the new firewall/server machine will be Ubuntu Server. I am not quite sure if it will be the 7.04 or the older 6.06 LTS (Long Term Support) version. I have decided to switch to Ubuntu as it:
  1. Builds upon the Debian distribution which is well-known for its stability
  2. Includes newer versions and newer alternatives to the Debian Stable branch

My initial focus will be on the firewall as this machine will be the test bed of firewall implementations that I will do in the future. One of which will be the net cafe.

The hardware for the future firewall/server will most likely be a socket 775 Celeron on an MSI motherboard with Intel chip set. The plan is to make a smallish boot disk (80GB) and then use a RAID 1 system to hold the data in the /home tree.

More tomorrow on the setup that I am planning for this machine.

September 10, 2007

Welcome to my blog

Hi and welcome to my blog on Linux!

This blog will contain ramblings, tips, etc about Linux and my experiences with it.

I have been using Linux for more than 6 years now and have had some experience with using it but little experience programming on the *nix platform. All this will change soon enough.

My Linux use has been both as a desktop and for server purposes both at home and at a few (small) installations that I have had the joy to administer.

Currently I am admin'ing a small internet cafe. This setup comprises Windows machines (Win XP Home) as client machines, Windows machines (Windows XP Home and Windows XP Professional) as administrative machines and Linux machines as server and firewall.

This cafe runs the SmartLaunch [SL] system (http://www.smartlaunch.net) which uses Windows as its platform for both clients, admin and server machines. The client machines need to run Windows as they run the games that the public wants. The admin machines will most likely keep running on Windows as this is what most of the employees know. My plan for the server is to move it to a Linux machine that will partly run Samba to serve the WinBoxes with files and MySQL to serve the [SL] server with an SQL service, and then I would like to move the [SL] server itself to a VMWare Virtual Machine running WinXP Pro on a Linux host OS.

Later a dedicated game server for hosting CounterStrike, Day of Defeat, etc based games will be added.