October 28, 2007

HomeServer Part 5 - Initial configuration

In this instalment of the HomeServer series we will do the initial configuration of the HomeServer which will turn it into a working Firewall/Router.

Network interfaces

Only eth0 is configured properly. eth1 is recognized by the kernel module and brought up, but as it is not connected it does not get configured in the network configuration subsystem. Luckily this is fairly easy to do.

Edit the file /etc/network/interfaces in your favorite editor. Remember to sudo your edit command; otherwise the file is read-only.

Leave the lo entry as it is. No reason to tempt fate by changing this.

Clone the eth0 entry and rename the device identifier with eth1. The config file should look something like this (bar the lo lines):

# Bring up eth0 automatically
auto eth0
# eth0 is an inet (TCP/IP v4) based interface (as opposed to inet6
# (TCP/IP v6), IPX etc. protocols). It gets its network address, netmask,
# gateway, broadcast, DNS, etc. address information from a DHCP server
iface eth0 inet dhcp

# Bring up eth1 automatically
auto eth1
# eth1 has a static address assigned by us
iface eth1 inet static
    address 192.168.2.1
    netmask 255.255.255.0

Then you can bring up eth1 by running ifconfig:

#sudo ifconfig eth1 up

DHCP Server

I selected to install the dhcp3 server in my HomeServer. The configuration file for this server is located at /etc/dhcp3/dhcpd.conf. Open the configuration file with root privileges and edit the following lines:

Comment out the ‘option domain-name’ line for now.

Uncomment the ‘authoritative’ line as our HomeServer is supposed to be the authoritative DHCP server on our local network.

Append the following lines at the end of the file to set up our network topology.

# Outside network (on eth0). No service provided
subnet 10.0.0.0 netmask 255.255.255.0 {
}

Our sample network is 10.0.0.0 with a network netmask of 255.255.255.0. Please contact your ISP for the details of your setup. We are not going to provide any service to this network. We are just informing the dhcp daemon that it exists.

# Local network (on eth1)
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.129 192.168.2.250;
    option routers 192.168.2.1;
}

If you have additional nets please add them accordingly, using the above as a template.

Back to the global variables at the beginning of the file. Change these lines to suit your setup. If you like you can change the ‘option domain-name’ line. Please note that this will not change internet behavior outside of your local setup. I would advise you to raise the lease time to something close to 12 or more hours. Remember to add your domain name servers with the ‘option domain-name-servers’ line:

option domain-name-servers x.y.z.q1, x.y.z.q2;

Add as many as you like that are available to you.
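The DHCP scope only works if it agrees with the static stanza for eth1: the range must sit inside eth1's network, must not hand out the router's own address, and option routers must be eth1's address. The script below is an added example, not part of the original post; the function names and the temporary sample files are constructed for the illustration and reuse the values from this page.

```sh
# Added example (not from the original post): cross-check eth1 against the DHCP scope.
ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {  # integer -> dotted quad
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}
# check_dhcp_scope INTERFACES_FILE DHCPD_CONF IFACE; returns 1 on any mismatch
check_dhcp_scope() {
    stanza=$(awk -v ifc="$3" '
        $1 == "iface" { s = ($2 == ifc && $4 == "static") }
        s && $1 == "address" { a = $2 }
        s && $1 == "netmask" { m = $2 }
        END { print a, m }' "$1")
    addr=${stanza% *}; mask=${stanza#* }
    [ -n "$addr" ] && [ -n "$mask" ] || { echo "FAIL: no static stanza for $3"; return 1; }
    gw_i=$(ip2int "$addr"); mask_i=$(ip2int "$mask")
    net=$(int2ip $(( gw_i & mask_i )))
    # range and routers from the subnet block that declares this network
    set -- $(awk -v net="$net" '
        $1 == "subnet" { b = ($2 == net) }
        b { gsub(";", "") }
        b && $1 == "range" { lo = $2; hi = $3 }
        b && $1 == "option" && $2 == "routers" { gw = $3 }
        $1 == "}" { b = 0 }
        END { print lo, hi, gw }' "$2")
    [ $# -eq 3 ] || { echo "FAIL: subnet $net lacks range or routers"; return 1; }
    lo_i=$(ip2int "$1"); hi_i=$(ip2int "$2"); rc=0
    [ "$3" = "$addr" ] || { echo "FAIL: routers $3 is not $addr"; rc=1; }
    for i in "$lo_i" "$hi_i"; do
        [ $(( i & mask_i )) -eq $(( gw_i & mask_i )) ] || { echo "FAIL: range leaves $net"; rc=1; }
    done
    [ "$gw_i" -lt "$lo_i" ] || [ "$gw_i" -gt "$hi_i" ] || { echo "FAIL: range includes $addr"; rc=1; }
    return $rc
}
# Constructed sample files holding the values used on this page
demo=$(mktemp -d)
printf 'auto eth1\niface eth1 inet static\naddress 192.168.2.1\nnetmask 255.255.255.0\n' \
    > "$demo/interfaces"
cat > "$demo/dhcpd.conf" <<'EOF'
subnet 10.0.0.0 netmask 255.255.255.0 {
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.129 192.168.2.250;
    option routers 192.168.2.1;
}
EOF
check_dhcp_scope "$demo/interfaces" "$demo/dhcpd.conf" eth1 && echo "OK: scope matches eth1"
```

On the server itself, pass /etc/network/interfaces and /etc/dhcp3/dhcpd.conf instead of the sample files.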

Shoreline Firewall (Shorewall) minimum setup

The configuration files for Shoreline Firewall are not ready in the /etc/ structure. You need to copy the appropriate default files and edit them to suit your setup. As our initial setup is a two interface setup we copy the default files from /usr/share/doc/shorewall/examples/two-interfaces like this:

#sudo cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/

This will copy all necessary files plus the file README.txt. For now I am keeping this file as its contents remind me which default setup I have copied.

Modify the Shorewall policy file (/etc/shorewall/policy) to allow the firewall machine (our HomeServer) to access the net. We need this in order to update our Ubuntu installation. Change the line:

$FW net REJECT info

to

$FW net ACCEPT

I decided to comment out the old line, to preserve the default setting in my config file, and copied it and modified the copy. Remember to remove the info keyword to avoid your log file being cluttered with lines stating that your firewall accessed the internet.

Initial configuration of Shorewall is now done. We will have to modify the Shorewall setup to allow access to our services, e.g. Samba (providing SMB - Windows File Server protocol), Apache (webserver), MySQL (relational SQL database server) etc. running on the HomeServer.

We are not yet quite done setting up Shorewall. Remember to enable startup in the /etc/shorewall/shorewall.conf file; edit the line:

STARTUP_ENABLED=No

to =Yes

Remember to allow Shorewall to be started on Debian based systems (Ubuntu and its cousins are based upon Debian). Modify this line in the file /etc/default/shorewall:

startup=0

to =1

Remember to compile and start Shorewall:

#sudo shorewall start

To check whether the rules have been set up use the command

#sudo iptables -L
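The three "Remember to" edits above are easy to miss, and keeping the old policy line only helps if it is really commented out, because Shorewall applies the first policy line that matches a zone pair. The preflight check below is an added example, not part of the original post; the function names and the temporary sample files are constructed for the illustration.

```sh
# Added example (not from the original post): preflight check for the Shorewall edits.
# effective_value FILE KEY -> value of the last uncommented KEY=value line
effective_value() {
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}
# check_shorewall CONF_DIR DEFAULTS_FILE; prints findings, returns 1 on any failure
check_shorewall() {
    rc=0
    # The page sets Yes; accepting any capitalisation is an assumption of this example
    case $(effective_value "$1/shorewall.conf" STARTUP_ENABLED) in
        [Yy][Ee][Ss]) ;;
        *) echo "FAIL: STARTUP_ENABLED is not Yes in shorewall.conf"; rc=1 ;;
    esac
    [ "$(effective_value "$2" startup)" = 1 ] ||
        { echo "FAIL: startup is not 1 in $2"; rc=1; }
    # Only the first uncommented "$FW net" line counts; a leftover REJECT above wins
    set -- $(awk '$1 == "$FW" && $2 == "net" { print $3, $4; exit }' "$1/policy")
    [ "$1" = ACCEPT ] || { echo "FAIL: first \$FW net policy is '${1:-missing}'"; rc=1; }
    [ -z "$2" ] || echo "NOTE: \$FW net still logs at level '$2'"
    return $rc
}
# Constructed sample files mirroring the edits described on this page
sw_demo=$(mktemp -d)
printf '#STARTUP_ENABLED=No\nSTARTUP_ENABLED=Yes\n' > "$sw_demo/shorewall.conf"
printf 'startup=1\n' > "$sw_demo/default"
cat > "$sw_demo/policy" <<'EOF'
#$FW net REJECT info
$FW net ACCEPT
EOF
check_shorewall "$sw_demo" "$sw_demo/default" && echo "OK: Shorewall is enabled"
```

On the server, run it as check_shorewall /etc/shorewall /etc/default/shorewall before sudo shorewall start.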

Congratulations! You now have a working Router/Firewall setup – the first step on our road to a HomeServer!

Next time we will have a go at setting up the Samba server which provides the SMB protocol for serving files to Windows clients.

October 27, 2007

HomeServer Part 4 - Installation

A few things have changed during the last 5-6 weeks. I have been able to acquire some used parts to upgrade my HomeServer project. Thus the hardware setup for this project is as follows:

CPU: Pentium 4 2.4 GHz
RAM: 640 MB DDR Ram
Motherboard: Intel 845 Desktop Motherboard
NICs: 2 x D-Link DGE-628T Gigabit
Graphics board: GeForce 2 MX
TV Tuner: BrookTree 878 Based card
Hard disk drives: 160 GB Seagate Harddisk ATA
Optical drives: 20x Lite-On DVD-RW drive
Power Supply Unit: Trust 520W Pro PSU Low Noise Big Fan
Computer case: Full Size “server” tower with
  • 3 internal 3.5” hdd bays
  • 1 external 3.5” floppy bay
  • 5 external 5.25” bays

The Graphics board and the TV Tuner are probably the oldest parts in this setup. The graphics board is mainly there because I need it during the initial install. Also most systems will not start without a Graphics board. The TV Tuner board is one that I have sitting idle in my desktop computer so the plan is to get some sort of Media Server part up and running too.

The optical drive was used for installation purposes as well and will be used in my backup plan. The current hard drive will serve both as the boot drive and main storage drive. I was contemplating whether I should partition it with one big root (/) partition and one /home partition or if I should keep a smaller root (/) partition together with /var and /usr partitions. I decided that a big root (/) partition was the way forward as it would allow root (/), /var and /usr to grow disproportionately without running into the situation where one partition lacks space and another has plenty of unused blocks.

Future hardware plans:
S-ATA RAID Controller
Hard disk drives: 2 x 320 GB (at least) S-ATA in RAID 1 for /home user files

To safeguard personal data such as digital photos, documents, etc. I plan to add a RAID 1 array based upon Serial ATA drives. This will, together with the backup procedure, safeguard important files. If a disk in the RAID 1 array fails, it will continue to run on the other drive. The faulty drive can be replaced and the RAID 1 array will recreate itself onto the new disk. Theoretically this should be possible online, on the fly, so that both data and server are available as much as possible.

When the RAID 1 array is added it will host the user files in their /home directories. The main /home partition will then host the semi-volatile files such as MP3s created from our CD etc. collection.

Software:

Operating System: Ubuntu 7.10 “Gutsy Gibbon” – server edition

Kernel: Ubuntu vanilla kernel 2.6.22

Just shortly before I assembled the hardware, Ubuntu 7.10 code name “Gutsy Gibbon” was released (on Oct. 18th 2007) so I decided to go with the server edition of this new Ubuntu. If you want long term support, or you are simply not comfortable with using the latest version and would rather go for the tried and tested version, I suggest you try the LTS version available to you (6.06 code name “Dapper Drake” at the time of writing this).

Ubuntu detected the IDE controller as a SCSI controller and gave the boot drive the designation /dev/sda.

The drive was partitioned into three parts:

Partition   Mount point   Type   Size
sda1        /             ext3   15 GB
sda2        -             swap   2 GB
sda3        /home         ext3   143 GB

The Ubuntu server installer installed the core system. In addition I selected to install the following extra packages:

  • OpenSSH server - to allow remote system administration
  • LAMP server - Linux, Apache, Mysql, PHP. This will allow me to run easy web based administration modules as well as provide a test and development bed for web development.
  • Samba file server - to provide remote file storage for windows boxes
  • NFS file server - to provide remote file storage for *nix (mainly Linux) boxes
  • DHCP server - to provide network management
  • Shoreline Firewall - to provide protection from outside (and inside) attacks

During the install I selected to add just one user (jan). I will add more as they are needed. Remember that Ubuntu allows this admin user account to act as root by preceding the commands with the command sudo. You will be prompted with a request for your password if you have not done sudo within the last 15 minutes.

I also added the procinfo, make, gcc and linux-source packages. Procinfo to provide process etc. info. Make, gcc and linux-source to allow me to fine-tune the kernel on the server as well as other applications.

The next blog will be on the initial configuration of the HomeServer.

Long time no see ...

I have been absent from my blog for more than a month. My apologies. Other things out there in the physical world have demanded my presence in a way that I have been unable and/or unwilling to spend time writing blogs.

I should be back on track, submitting at least a few blog posts every week.