Bits Build your own server: Part 2

Still failed same result, befuddled by this one, it should start nothing has really changed that I know of. But I guess there is the rub something has changed ... but what?

 

LOL. I hate user permissions. I really do. My bad. When I put the monitor back on I saw a message that my home folders file permissions are set wrong in dmrc or something. Clicked ok, thanks for that and all worked perfectly. As always never forget I am an idiot. sorry for wasting your time, thanks for the help and great tutorials. Can wait to finish this and get to scripting.

 

Is there going to be a 3rd article in this series or does it end now?

 

The sky is the limit... Do you have a topic for a third article about this?

 

I was thinking about VPN, allowing you to connect to your samba shared folders anywhere in the world, or mailserver setup.

 

Samba really isn't an internet protocol. You can allways use (Win)SCP to access your files worldwide.

And a mailserver is something which is quite prohibited by a lot of ISPs

 

I know that samba is not a internet protocol, but by using VPN you "log" onto your local network at home, and such you should have access to the shared samba folders.
As for the mail server, from what i can find out my isp allows me to just about anything i want with my connection, however i cannot find any good guides as to how you set up one. You linked to one earlier in this thread, however i cannot get that one to work i hope you can help me

 

With SCP you don't need all that, you can just Secure CoPy the files you want

For the mailserver, look into Courier and procmail or sendmail. For AV and spam services you should look into ClamAV and SpamAssassin.

 

I will look into it... Is it possible to set it up using webmin?

 

I have the same problem as you WhiskeyAlpha; I can connect with putty using xxx.no-ip.org but when it comes to VNC I can not open it. When I use a browser I can get to my server from xxx.no-ip.org but if I put a port on the end it doesn't work, is that a problem.
Also what do I need to do to get webmin working from outside my network?

Can't wait for part 3 ;-)

 

If you want VNC to work you need to open the appropriate ports in your firewall (like you need to open port 22 for SSH/SCP)

I seem to recall seeing that webmin isn't particularly secure, so i wouldn't recommend opening it up to the web, but again, its just a case of opening the ports in your firewall

 

I don't know too much about this so followed portforwarding.com and they said to disable the firewall, not that I wanted to, so it must be something else. I was think of putting my server on the DMZ and then turning the firewall back on, would that still work?

EDIT:
I don't have a private and public port section on my router so I instead forwarded ports 80, 443, 2222 and 12345 and pointed them to my servers IP address; is this also correct?

 

OK, typically I'm/we're getting confused between "Firewalls" and "Routers"

If you disable the "Firewall" incoming requests still have to go somewhere (or get dropped), I'm surprised you can _actually_ turn the firewall off, but still (BTW, i recommend you turn it back on)

Anyway, you need to forward the ports to a computer, unforwarded ports all go to the DMZ (theoretically, depends on your router/firewall/box thing)

So, you can either put your computer in the DMZ, but be warned, its basically exposed to the Internet
Otherwise, forward the ports you need to it

80 = HTTP, 443 = HTTPS
2222 = ?, 12345 = ?

I recommend forwarding a high port to your SSH port (valid ports = 1-65535)(for example, port 63222 (externally) to port 22 (internally)) - i recommend this because people often "Port Scan" if they see port 22 they may well try to hack your server, because odd's are SSH is listening on the other end

I hope Ive sort of answered your question (its quite hard because i don't know how much you know, or what equipment your using)
In summary, forward ports to your server, and leave the firewall on, don't bother with the DMZ

 

I think I am starting to confuse myself. My router is a ZyXEL 662HW-D1 and I don't know very much about port forwarding or Linux.
I have not put the server on the DMZ and I have enabled my firewall as you suggested and everything is working as it was before. I still can not get webmin open from outside of my network, I will try VNC again but don't think it will work.
I followed the guide from portforwarding.com to point ports 80, 443, 2222 and 12345 to my server but Gliders guide uses private and public ports. I have just found a section on my router which is "port triggering". This has an incoming port range and a trigger port range should I be using this to point an external port to an internal port as explained above. Also if I do that will the echo on the Linux box need changing.

As you can see I am not to hot with this type of stuff...

 

Port Forward doesn't seem to have a guide for your router

http://www.portforward.com/english/routers/port_forwarding/ZyXEL/660H-61/1st_SMTP_Server.htm
Does your routers page look like that?

If so, it appears your router wont let your forward external ports to different internal ones (ie, 22 has to goto 22)
Port triggering probably wont help, as i believe it requires your PC to trigger the port

For webmin you need to forward the appropriate port (it doesn't work off 80 or 443)
I believe the default port is 10000
However, again, i strongly recommend you don't open webmin up to the Internet, if you do make SURE you turn on SSL encryption, and NEVER use it from wireless

VNC also needs appropriate ports forwarded

 

it is actually this one, http://www.portforward.com/english/routers/port_forwarding/ZyXEL/P-660HW-D1/SMTP.htm but they both work the same.

Looks like it can't be done with my router, not a big problem as this server is only for my friends and family so no need for access all the time. I guess that is why VNC wont work either.

Never mind...

 

You can port forward with yours

It just means that you cant hide services behind different ports, ie, if you want SSH you have to expose port 22 (and then people can take a good guess at what service is running there)

With VNC, you can set the port it listens on, so you can assign that to anything you want anyway

Hmm, i was going to show you the WRT54G, but apparently that works the same way
http://www.portforward.com/english/routers/port_forwarding/Linksys/WRT54G/1st_SMTP_Server.htm

I guess ive just been spoilt by having a linux router box

 

Just a note on security, it is not very smart to expose your webmin site over the internet, as any flaws in the webmin program can possibly lead to a hacker gaining access to your ENTIRE system. It is much smarter to do it over SSH, just setup putty to forward port 10000 and then open up https://localhost:10000/ and you are in

 

can that still work when you are outside of your network?

 

yes, but you need to open port 22 for SSH

You then forward port 10000 through the SSH tunnel you just made
http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html

That should help you