Build your own server: Part 2

I know that samba is not a internet protocol, but by using VPN you "log" onto your local network at home, and such you should have access to the shared samba folders.
As for the mail server, from what i can find out my isp allows me to just about anything i want with my connection, however i cannot find any good guides as to how you set up one. You linked to one earlier in this thread, however i cannot get that one to work :( i hope you can help me

With SCP you don't need all that, you can just Secure CoPy the files you want ;)

For the mailserver, look into Courier and procmail or sendmail. For AV and spam services you should look into ClamAV and SpamAssassin.

I will look into it... Is it possible to set it up using webmin?

I have the same problem as you WhiskeyAlpha; I can connect with putty using xxx.no-ip.org but when it comes to VNC I can not open it. When I use a browser I can get to my server from xxx.no-ip.org but if I put a port on the end it doesn't work, is that a problem.
Also what do I need to do to get webmin working from outside my network?

Can't wait for part 3 ;-)

If you want VNC to work you need to open the appropriate ports in your firewall (like you need to open port 22 for SSH/SCP)

I seem to recall seeing that webmin isn't particularly secure, so i wouldn't recommend opening it up to the web, but again, its just a case of opening the ports in your firewall

Originally Posted by completemadness
If you want VNC to work you need to open the appropriate ports in your firewall (like you need to open port 22 for SSH/SCP)

I seem to recall seeing that webmin isn't particularly secure, so i wouldn't recommend opening it up to the web, but again, its just a case of opening the ports in your firewall

I don't know too much about this so followed portforwarding.com and they said to disable the firewall, not that I wanted to, so it must be something else. I was think of putting my server on the DMZ and then turning the firewall back on, would that still work?

EDIT:
I don't have a private and public port section on my router so I instead forwarded ports 80, 443, 2222 and 12345 and pointed them to my servers IP address; is this also correct?

OK, typically I'm/we're getting confused between "Firewalls" and "Routers"

If you disable the "Firewall" incoming requests still have to go somewhere (or get dropped), I'm surprised you can _actually_ turn the firewall off, but still (BTW, i recommend you turn it back on)

Anyway, you need to forward the ports to a computer, unforwarded ports all go to the DMZ (theoretically, depends on your router/firewall/box thing)

So, you can either put your computer in the DMZ, but be warned, its basically exposed to the Internet
Otherwise, forward the ports you need to it

80 = HTTP, 443 = HTTPS
2222 = ?, 12345 = ?

I recommend forwarding a high port to your SSH port (valid ports = 1-65535)(for example, port 63222 (externally) to port 22 (internally)) - i recommend this because people often "Port Scan" if they see port 22 they may well try to hack your server, because odd's are SSH is listening on the other end

I hope Ive sort of answered your question (its quite hard because i don't know how much you know, or what equipment your using)
In summary, forward ports to your server, and leave the firewall on, don't bother with the DMZ

I think I am starting to confuse myself. My router is a ZyXEL 662HW-D1 and I don't know very much about port forwarding or Linux.
I have not put the server on the DMZ and I have enabled my firewall as you suggested and everything is working as it was before. I still can not get webmin open from outside of my network, I will try VNC again but don't think it will work.
I followed the guide from portforwarding.com to point ports 80, 443, 2222 and 12345 to my server but Gliders guide uses private and public ports. I have just found a section on my router which is "port triggering". This has an incoming port range and a trigger port range should I be using this to point an external port to an internal port as explained above. Also if I do that will the echo on the Linux box need changing.

As you can see I am not to hot with this type of stuff...

Port Forward doesn't seem to have a guide for your router

http://www.portforward.com/english/routers/port_forwarding/ZyXEL/660H-61/1st_SMTP_Server.htm
Does your routers page look like that?

If so, it appears your router wont let your forward external ports to different internal ones (ie, 22 has to goto 22)
Port triggering probably wont help, as i believe it requires your PC to trigger the port

For webmin you need to forward the appropriate port (it doesn't work off 80 or 443)
I believe the default port is 10000
However, again, i strongly recommend you don't open webmin up to the Internet, if you do make SURE you turn on SSL encryption, and NEVER use it from wireless

VNC also needs appropriate ports forwarded

it is actually this one, http://www.portforward.com/english/routers/port_forwarding/ZyXEL/P-660HW-D1/SMTP.htm but they both work the same.

Looks like it can't be done with my router, not a big problem as this server is only for my friends and family so no need for access all the time. I guess that is why VNC wont work either.

Never mind...

You can port forward with yours

It just means that you cant hide services behind different ports, ie, if you want SSH you have to expose port 22 (and then people can take a good guess at what service is running there)

With VNC, you can set the port it listens on, so you can assign that to anything you want anyway

Hmm, i was going to show you the WRT54G, but apparently that works the same way
http://www.portforward.com/english/routers/port_forwarding/Linksys/WRT54G/1st_SMTP_Server.htm

I guess ive just been spoilt by having a linux router box :p

Just a note on security, it is not very smart to expose your webmin site over the internet, as any flaws in the webmin program can possibly lead to a hacker gaining access to your ENTIRE system. It is much smarter to do it over SSH, just setup putty to forward port 10000 and then open up https://localhost:10000/ and you are in

can that still work when you are outside of your network?

Originally Posted by Dollar
can that still work when you are outside of your network?

yes, but you need to open port 22 for SSH

You then forward port 10000 through the SSH tunnel you just made
http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html

That should help you

All working fine now, thanks for your help...

Originally Posted by Glider
The sky is the limit... Do you have a topic for a third article about this? ;)

So, i've been wanting to do this for a while. I just went back and re-scanned the articles, and didn't see anything on automated backup of files for computers! :( I would definitely like to see that (as I wait for XP to format for a reinstall... sigh). It would have to backup windows machines (as well as linux machines, i guess... )

Another idea that popped in my mind right now is streaming video/music over IP, say to my windows based home theater machine (this may be covered in the article, all I did was scan it real quick. if it is, feel free to point it out to me.)

Maybe this stuff could be done easily, but I don't know squat about linux, and so I would need someone to hold my hand as I did it (read: i need another article :))

let me know what you think. Thanks!

Originally Posted by jakenbake
So, i've been wanting to do this for a while. I just went back and re-scanned the articles, and didn't see anything on automated backup of files for computers! :( I would definitely like to see that (as I wait for XP to format for a reinstall... sigh). It would have to backup windows machines (as well as linux machines, i guess... )

Another idea that popped in my mind right now is streaming video/music over IP, say to my windows based home theater machine (this may be covered in the article, all I did was scan it real quick. if it is, feel free to point it out to me.)

Backing up sounds like a good idea

Streaming media just requires some sort of UPnP server software
http://www.google.co.uk/search?q=upnp+server+ubuntu

The articles are nice, however, just copying and pasting commands often doesn't lead to a great understanding, glider has helped you setup a machine, and hopefully you know some foundations now, so it may be an idea to have a little go on your own

Originally Posted by jakenbake
So, i've been wanting to do this for a while. I just went back and re-scanned the articles, and didn't see anything on automated backup of files for computers! :( I would definitely like to see that (as I wait for XP to format for a reinstall... sigh). It would have to backup windows machines (as well as linux machines, i guess... )

Another idea that popped in my mind right now is streaming video/music over IP, say to my windows based home theater machine (this may be covered in the article, all I did was scan it real quick. if it is, feel free to point it out to me.)

Maybe this stuff could be done easily, but I don't know squat about linux, and so I would need someone to hold my hand as I did it (read: i need another article :))

let me know what you think. Thanks!

apt-get install backuppc ;)

Originally Posted by Glider
apt-get install backuppc ;)

apt-cache search is your friend :D

so how do i set an ip address on my server so it doesn't get automatically assigned one every time i restart my router or turn off my server.

I have a hunch how to do it thru webadmin:
networking -> network configuration -> network interfaces

under "interfaces active now" i see "lo" and "eth0" but under "interfaces active at boot time" all i see is "lo".

Do i simply add eth0 to interfaces active at boot time and set the IP that way?

Thanks for the help!

You need to set the IP for eth0 to static, and assign some IP adress to it. I use a high IP number, so that the chance of DHCP assigning the same is low (don't know if this can happen). Your static IP should look something like this 192.168.1.* (if you are using standard IP's).

You'll want to set your router DHCP server to assign it a static IP, well thats the easy way. Have a look at your routers config page to do that. Then you need to set the eth0 to come up at boot time and get its ip from DHCP again but this time when it asks the router will give it the same fixed address.

I generally have my DHCP server to assign from a pool from 50-250 and set servers and other fixed address items to <49 ie set your server to 192.168.10.5 and have the router dish out addresses above 192.168.10.50.

Ya, I understand WHAT i need to do. I'm just not sure how to accomplish it.

On my router config, I see where it starts to assign automatically, so i'll want to make this higher than my server ip. I got that.

As far as assigning the server a static number, i see "Static DNS 1", "Static DNS 2", and "Static DNS 3". These obviously don't correspond to the number of lan outputs i have on the back of my router (4).

I think it would be easier to set the static IP within linux like millusdk said, only b/c i'm not sure how to do it on my router (I have a linksys wrt54g btw)

any problem with doing that?

The DHCP server dishes out more than just an IP address which is why its preferable to do it that way also it means if you every change your configuration you only have to change it in one place. Give me ten minutes i'll try and find some thing for fixing ips through the router.

edit: Ahh not sure your router can assign static ip's. Bugger have to do this the hard way.

edit2: this link here should sort you out

Edit3: you need to set the IP between 2 and 99 so 192.168.1.2 ---> 192.168.1.99

I have almost the same router as you have (wrt54gl), and from what i can see it is not possible to assign static IP adresse to certain MAC adresses. So it is only possible to do it on the Ubuntu box.