# Setting Up A Server

## gentoo_newguy

Hi I just got me hands on old Dell PowerEdge 1650. 

I want to setup a Server wich I am able to VPN into from a remote location.

I also want to be able to ssh and file share so Iam able to access my files where ever I am. 

Could anyone reccomened away a good server guide i could use to get this going ?

----------

## nurachi

You may have a look at the gentoo wiki (http://gentoo-wiki.com/) wich contains a lot of tutorial. Unfortunatly it looks down today.

Google is also your friend

----------

## minor_prophets

Do you want to treat the installation as a proper server installation or a workstation?  If the machine is exposed to the 'net, you'll probably want a hardened profile, hardened sources, no?

If server is what you want, look

http://dev.gentoo.org/~solar/server-standards.xml

edit----

This guide is pretty old, though I did extract information from it for a server I built last year

/edit----

Either way, http://www.gentoo.org/doc/en/security/security-handbook.xml is a great document to have on hand.

Also, can I see an lspci on your 1750?  I've got a 1600SC I'd like to compare it against.Last edited by minor_prophets on Fri Nov 14, 2008 3:35 pm; edited 1 time in total

----------

## gentoo_newguy

Hi yes i would like it to be a proper server.

I want it to be live on my home network. 

If possible I would like it to provide VPN access to my network and also be used as a firewall / router.

Thanks for the guide as well 

May i ask why pop3 and imap should never be run ? Dont these provide mail ?

Any ideas.

----------

## minor_prophets

In the wake of the Gentoo-wiki hostage crisis, there is another source for valuable documentation.  The motherload of offical 'too documentation:

http://www.gentoo.org/doc/en/list.xml

Are you planning on running a mail server on the 1750 as well?  btw-I'm still interested in an lspci on your machine.  

Also, you say File Share and ssh in the same breath.  You can secure copy(use the scp command) which comes w/ ssh using ssh over vpn.  If you meant another means of file sharing as well, what did you have in mind?  details, please.

----------

## gentoo_newguy

Na not planning to run a mail server. 

I was just reading thru the securit documentation.

When i next boot up the machine i will post a lspci for you. 

I just want to be able to access my network from a remote location and maybe share files between the two networks (I no this can be slow) but thats what im after

----------

## minor_prophets

A security basic tenant is never run more services that you absolutely need.  Obviously, running two additional services which your are not using increase your insecurity(both computer and your inner-facing network).  That document goes over it a bit.(example-don't install X)

----------

## Dammital

 *minor_prophets wrote:*   

> never run more services that you absolutely need

 

I'll agree with minor_prophets, and add my own stream of consciousness.

If you intend to build a firewall, you should consider a standalone box.  I installed OBSD on a Soekris 5501: low power requirements, no hard drive to fail (it uses a CF).  If you must you can install a HD but I don't find it necessary.

Your 1650 is slow, but is probably reliable.  If it is not filled to 4GB yet then you should plan to pay $50/GB for registered memory.  More memory is always useful.

Compartmentalizing services is a good idea if you also use the 1650 as a firewall, so take a look at Xen.  (Note: Xen is a nontrivial exercise.)

----------

## gentoo_newguy

May i ask why the firewall should be on its own box. 

I may do this if u think its a better idea ?? What about the vpn how should i go about doing this ?

----------

## Dammital

Your firewall should be virtualized or physically isolated from the rest of your network.  If someone compromises your Joomla server (say) you don't want to give that person the keys to your whole network.

Expose as few services to the outside as you can.  Give your servers RFC1918 IP addresses and NAT them.

Until you've run your own firewall and inspected the logs you have no idea how rough it is out there.  People hammer your NAT filtering router all the time and on a variety of ports.  Distributed dictionary attacks on ssh, telnet and ftp ports.  Vestiges of Code Red buffer overflows against web servers.  Microsoft netbios exploits.  Open port probes.   Kazaa, Morpheus, Napster, Gnutella, what-have-you probes.  Spiders that don't respect the ROBOTS convention.  Others.

----------

## gentoo_newguy

Wo that was a bit imense for me but i can see where our coming from.

So im going to start of buy building a firewall. 

Im going to use a 3 gig harddrive do u think thats big enough ? 

Then should i follow the home router guide ? 

Or do u have a better suggestion

----------

## Dammital

As I indicated above, I put OpenBSD in a Soekris 5501.  Takes as much space on my shelf as an ethernet switch, runs cool, low power requirement, contains no hard drive.  Took me about an afternoon, but I'd had some OBSD exposure beforehand.  You'd also have to familiarize yourself with PF, the OpenBSD packet filter.

If you want to run Linux as your firewall/router, take a look at http://openwrt.org/.  OpenWRT was originally crafted to run on the Linksys WRT54G, but will also run on other consumer-grade routers.  That might be a cheaper way to get a full-function Linux router.

Finally if you're determined to build a Gentoo Linux firewall (we are after all here in a Gentoo forum) the Handbook currently says you need at least 1.5GB disk space.  By all means, go for more.

----------

## Dammital

Oh, you also asked about VPN.

IPsec is a complex beast that I haven't mastered.  But I find I don't really need it -- ssh with port forwarding is more than enough to satisfy my needs for getting into my home systems from the world beyond.

(It is by the way great fun to have a fellow geek look over your shoulder to see an emacs instance running on your cell phone.)

----------

## gentoo_newguy

I had a look at that little device and i think i want to buy one.

Is it possible to put gentoo on it ? 

How do u eveb go about installing an OS on to it. 

This may be a lot more cost effect and save me a whole machine.

----------

## minor_prophets

Speaking of Linux firewalls, if you have an existing Linksys wrt54g device, have a quick look over at http://www.dd-wrt.com/dd-wrtv3/index.php .  Basically, with openwrt(I have little experience with this but it operates similarly to dd-wrt) and dd-wrt(have 2 devices running current firmware as I speak) you can turn that $40 route rinto a $500-600 piece of hardware.

Having a firewall at your perimeter does not mean that you should not run a firewall.  look at iptables for your linux boxen.  There are a couple really good threads in this forum that got me started.

----------

## minor_prophets

Also, have a look at the IPCop distro.  Runs on minimal hardware.  Just need to have 2 nics(or more of course) is all.

----------

## Dammital

 *gentoo_newguy wrote:*   

> I had a look at that little device [Soekris 5501] and i think i want to buy one.
> 
> Is it possible to put gentoo on it ? 
> 
> How do u eveb go about installing an OS on to it.

 

I haven't done it but others have: google for "soekris gentoo".

My 5501 has a 4GB CF card that it uses for a "hard drive" (yes, I over-bought but I got what was a good deal at the time).  I do very few writes to the CF; the mandatory OpenBSD swapfile is allocated to a ramdisk.

It is possible to install a small hard drive in the 5501 case, but you might have to struggle with connectors and mounts.  You should spend some time perusing the Soekris mailing list archive before you make your purchase so that you understand what you'd be getting into.

The 5501 is not a consumer system, and has no display adapter or sound card.  It will never run MS-Windows.  It will run xBSD and Linux, and it is a neat little networking appliance, with four ethernet ports, two serial console ports, and sundry SATA/IDE/USB/PCI connectors.

It is possible (I guess) to make a bootable system on a CF card from some other machine, transplant the CF card into your Soekris, and boot it there.  But I think most people perform a network installation.  The 5501 supports PXE boot, so you can boot (say) a minimal system from a server on your network, and then do all the installation from the Soekris itself.  That was quick and easy to do with OpenBSD binaries, which is one reason I chose OpenBSD for that box.

minor_prophets is giving you some good advice, too.  Look at the projects he suggests before making a decision; they each require varying amounts of expertise, and some are more expensive than others.  It depends on your budget and what kind of learning experience you are up for.

----------

## minor_prophets

Damnitall,

I don't *need* a Soekris 5501, but it looks like a fine product and I would like one.  :Shocked: 

Have messed around with IDS on that hardware yet?

----------

## Dammital

 *minor_prophets wrote:*   

> Have messed around with IDS on that hardware yet?

 

No, I haven't implemented IDS.  It's on my ever-growing list of things to do.

----------

## minor_prophets

The more time ya give her, the more she demands.  And, it gets exponentially worse, the more machines you have around you.  :Laughing: 

----------

