@glider; I should have known someone would answer that (semi) seriously.
I'm about to head off to college, but my college blocks all bittorrenting (one of the reasons for making this server and following these awesome tutorials) and all ports over 1024. Rather than use port 2222, what other port can I use that is 1024 or under? Can I look at the IANA port list and find anything unused, or is there a good, unused port anyone can suggest?
Hello, great guide. Completed the second part of the guide a moment ago, everything is working great, but I wonder how I add a new folder to the mysite.no-ip.org?
E: Problem solved, just a new folder into /var/www/
Another question is under the "wrapping up" page. For the second port forward step, in which we redirect public port 12345 to private port 80, I'm looking at my router config, and wondering if "start" port and "end" ports correspond to "public" and "private" ports. I thought that "start" and "end" fields were to give a range of ports that would be forwarded. I don't want to risk forwarding ports 80 through to 12345, so can anyone help me with this?
One question for you; is it possible to set up the server as a router? I.e;
Phone line -> ADSL modem (internal/external) -> Server (running DHCP software) -> Switch/hub/WiFi -> LAN
I just figured that as the server will be running 24/7, I may as well use it as a router too. Surely, it'll do a better job than a standalone router and offer more advanced features such as bandwidth management etc. How would I go about doing this, and can you recommend any PCI/USB ADSL modems that are Linux compatible?
Originally Posted by riggs One question for you; is it possible to set up the server as a router? I.e;
Phone line -> ADSL modem (internal/external) -> Server (running DHCP software) -> Switch/hub/WiFi -> LAN
I just figured that as the server will be running 24/7, I may as well use it as a router too. Surely, it'll do a better job than a standalone router and offer more advanced features such as bandwidth management etc. How would I go about doing this, and can you recommend any PCI/USB ADSL modems that are Linux compatible?
It is a very bad idea to run Samba and a router.
In fact, routers (/firewalls) should be independent boxes. If you want a nice Linux firewall, fine, but don't run all your server software on the box too.
If you want a firewall distro of Linux, I recommend IPCop - IMO it's very good.
Really? What are the main security issue(s)?
I was hoping to have the box set up as a router/firewall/DHCP, SAMBA file server, FTP (intra/internet), torrentflux, & occasionally a BF1942 server...
Well, I just spent like 30 mins trying to find somewhere that actually says why it's a bad idea. I know I have a book, but you would have to pay for that ;)
Quote:
Originally Posted by http://www.frogge.de/pepper/linux/linuxrouter_config.html As I have now mentioned a few times, there is a trade off between convenience and security. Initially when I was experimenting a lot, it was handy to have SMB access to the files on the router. Since then I haven't used it anymore. For everyday use all I really need is a way to log on to the router and maybe transfer the odd file. This can be done using SSH in a more secure fashion. Therefore I will move to SSH with the next version of my Internet router.
It goes without saying that you should remove all unused services from /etc/inetd.conf. In case you are not planning to offer any services at all, make sure you don't start inetd from the startup scripts in the first place.
Basically you can think about it this way:
Every service you run has a possibility that it can be hacked, and is insecure.
The more you run, the more back doors there are. Samba is especially bad, because it's opening up the filesystem with relatively insecure security systems.
You want your firewall to be as hard to break into as possible. Even on a firewall distribution like IPCop they warn that any plugins or modifications you make could weaken the security of the box.
In the end, it's your choice, but I strongly recommend you do not combine your firewall with anything else.
Hell, they even say that a better firewall wouldn't have DNS, DHCP, Snort, etc. services, because everything you add increases the possibility of you being hacked. However, there needs to be a balance between convenience and security.
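Added example (not code from the thread or from any poster): a small Python audit that applies the point above by listing every TCP listener on a firewall box that is reachable from the network and not on an allowlist. The `ss -tlnH` sample is constructed, and the allowlist containing only port 2222 is an assumption for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (State, Recv-Q, Send-Q, Local, Peer).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*
LISTEN 0 32 192.168.1.1:53 0.0.0.0:*
"""


def parse_local(field):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, port = field.rsplit(":", 1)
    # Drop an optional %interface suffix, then IPv6 brackets.
    host = host.split("%", 1)[0].strip("[]")
    return host, int(port)


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; '*' means every interface."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback


def unexpected_listeners(ss_output, allowed_ports):
    """Return sorted (port, host) pairs that are network-reachable
    and not in the allowlist for this box."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip blank or non-listener lines
        host, port = parse_local(cols[3])
        if not is_loopback(host) and port not in allowed_ports:
            found.add((port, host))
    return sorted(found)


if __name__ == "__main__":
    # Assumed policy: the firewall box exposes SSH on 2222 and nothing else.
    for port, host in unexpected_listeners(SAMPLE_SS_OUTPUT, {2222}):
        print(f"unexpected listener: {host}:{port}")
```

On a live box, pass the captured output of `ss -tlnH` in place of the sample.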
Originally Posted by Glider But tell me, what are the chances a home connection gets hacked? I'm a more advanced user, and I never got hacked...
From a security stance it's a bad idea, but for home usage, why not?
It depends what you do.
If you start hosting web servers, game servers, or P2P - things like that - you will become a target. I know my firewall detects thousands of probes/lame attempts a day on my network.
If you're a standard user, play the odd game, you'll probably be OK.
I guess it depends what risk you wanna take. I'd rather be safe and not get hacked and rootkitted and all that crap ;)
Originally Posted by completemadness if you start hosting web servers, game servers, ...
You should get a DECENT uplink separated from your own internet connection, at least if you aim to host a decent service
Quote:
Originally Posted by completemadness I guess it depends what risk you wanna take. I'd rather be safe and not get hacked and rootkitted and all that crap ;)
With a decently set up IPtables ruleset, a secure policy on your server and tweaks here and there any home user should be safe... Or paranoid...
I am having a problem. I want people in my family to be able to access the server and I can not get them into it. My address to the server is tserver.servehttp.com.
How can I make it work? I have a Linksys WRT54G Router. I may have not forwarded the ports correctly. I just don't know. The main thing I want to be able for my family to access is the Torrent Flux and be able to add files to my server.
I have tried that. I did the ports the way that I was told to on the website and still it does not work. Everything works fine on my network but when my family tries to access it they can't.
Chances are (probable) that your ISP blocks those ports. You need to either remap them, or change the port the webserver is listening on. You do that by editing /etc/apache2/ports.conf
Can your relatives log in through SSH? I'd let them SCP (via WinSCP) in.
Comments 51 to 75 of 197
Also, you can just try what happens, you'll figure out quickly if you forwarded the entire range or you redirected the given port.
What can we expect in part 3?
One question for you; is it possible to set up the server as a router? I.e;
Phone line -> ADSL modem (internal/external) -> Server (running DHCP software) -> Switch/hub/WiFi -> LAN
I just figured that as the server will be running 24/7, I may as well use it as a router too. Surely, it'll do a better job than a standalone router and offer more advanced features such as bandwidth management etc. How would I go about doing this, and can you recommend any PCI/USB ADSL modems that are Linux compatible?
Sure, you can set the server up as a router/gateway, no problem. Some links to get you started, not all Ubuntu based, but you'll sort it out ;):
A guide:
http://gentoo-wiki.com/HOWTO_setup_a_home-server
Iptables (for routing / NAT / port remapping / Firewall):
http://www.iptables.org/
http://www.linuxguruz.com/iptables/howto/
DHCP server:
http://oob.freeshell.org/nzwireless/dhcpd.html
If required, DNS:
http://www.isc.org/index.pl?/sw/bind/
http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_BIND
Proxy:
http://www.squid-cache.org/
Please can anyone help me?
Thanks,
Shane
But, Samba isn't made to share over the internet. It's possible, but not recommended. FTP is much better suited for that.
I nmap'ed your host:
Thanks,
Shane
http://www.portforward.com/english/routers/port_forwarding/Linksys/WRT54G/default.htm
I don't know what to do.
Thanks,
Shane
Here are my current router configurations.
http://www.shanesvirtualcloset.com/screenshot.png
Thanks
Shane
As long as you open up port 22 (or whatever you set it to, probably best to change it) in your router.
where -p is the port flag and xxx is the port you have set sshd to listen on.