Bits Build your own server: Part 2

Discussion in 'Article Discussion' started by Tim S, 24 Jul 2007.

  1. statmonkey

    statmonkey What's a Dremel?

    Joined:
    5 Nov 2007
    Posts:
    15
    Likes Received:
    0
    Still failed same result, befuddled by this one, it should start nothing has really changed that I know of. But I guess there is the rub something has changed ... but what?
     
  2. statmonkey

    statmonkey What's a Dremel?

    Joined:
    5 Nov 2007
    Posts:
    15
    Likes Received:
    0
    LOL. I hate user permissions. I really do. My bad. When I put the monitor back on I saw a message that my home folders file permissions are set wrong in dmrc or something. Clicked ok, thanks for that and all worked perfectly. As always never forget I am an idiot. sorry for wasting your time, thanks for the help and great tutorials. Can wait to finish this and get to scripting.
     
  3. Millusdk

    Millusdk What's a Dremel?

    Joined:
    27 Jan 2008
    Posts:
    140
    Likes Received:
    1
    Is there going to be a 3rd article in this series or does it end now?
     
  4. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    The sky is the limit... Do you have a topic for a third article about this? ;)
     
  5. Millusdk

    Millusdk What's a Dremel?

    Joined:
    27 Jan 2008
    Posts:
    140
    Likes Received:
    1
    I was thinking about VPN, allowing you to connect to your samba shared folders anywhere in the world, or mailserver setup.
     
  6. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    Samba really isn't an internet protocol. You can allways use (Win)SCP to access your files worldwide.

    And a mailserver is something which is quite prohibited by a lot of ISPs
     
  7. Millusdk

    Millusdk What's a Dremel?

    Joined:
    27 Jan 2008
    Posts:
    140
    Likes Received:
    1
    I know that samba is not a internet protocol, but by using VPN you "log" onto your local network at home, and such you should have access to the shared samba folders.
    As for the mail server, from what i can find out my isp allows me to just about anything i want with my connection, however i cannot find any good guides as to how you set up one. You linked to one earlier in this thread, however i cannot get that one to work :( i hope you can help me
     
  8. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    With SCP you don't need all that, you can just Secure CoPy the files you want ;)

    For the mailserver, look into Courier and procmail or sendmail. For AV and spam services you should look into ClamAV and SpamAssassin.
     
  9. Millusdk

    Millusdk What's a Dremel?

    Joined:
    27 Jan 2008
    Posts:
    140
    Likes Received:
    1
    I will look into it... Is it possible to set it up using webmin?
     
  10. Dollar

    Dollar What's a Dremel?

    Joined:
    9 Mar 2008
    Posts:
    14
    Likes Received:
    0
    I have the same problem as you WhiskeyAlpha; I can connect with putty using xxx.no-ip.org but when it comes to VNC I can not open it. When I use a browser I can get to my server from xxx.no-ip.org but if I put a port on the end it doesn't work, is that a problem.
    Also what do I need to do to get webmin working from outside my network?

    Can't wait for part 3 ;-)
     
  11. completemadness

    completemadness What's a Dremel?

    Joined:
    11 May 2007
    Posts:
    887
    Likes Received:
    0
    If you want VNC to work you need to open the appropriate ports in your firewall (like you need to open port 22 for SSH/SCP)

    I seem to recall seeing that webmin isn't particularly secure, so i wouldn't recommend opening it up to the web, but again, its just a case of opening the ports in your firewall
     
  12. Dollar

    Dollar What's a Dremel?

    Joined:
    9 Mar 2008
    Posts:
    14
    Likes Received:
    0
    I don't know too much about this so followed portforwarding.com and they said to disable the firewall, not that I wanted to, so it must be something else. I was think of putting my server on the DMZ and then turning the firewall back on, would that still work?

    EDIT:
    I don't have a private and public port section on my router so I instead forwarded ports 80, 443, 2222 and 12345 and pointed them to my servers IP address; is this also correct?
     
    Last edited: 23 Mar 2008
  13. completemadness

    completemadness What's a Dremel?

    Joined:
    11 May 2007
    Posts:
    887
    Likes Received:
    0
    OK, typically I'm/we're getting confused between "Firewalls" and "Routers"

    If you disable the "Firewall" incoming requests still have to go somewhere (or get dropped), I'm surprised you can _actually_ turn the firewall off, but still (BTW, i recommend you turn it back on)

    Anyway, you need to forward the ports to a computer, unforwarded ports all go to the DMZ (theoretically, depends on your router/firewall/box thing)

    So, you can either put your computer in the DMZ, but be warned, its basically exposed to the Internet
    Otherwise, forward the ports you need to it

    80 = HTTP, 443 = HTTPS
    2222 = ?, 12345 = ?

    I recommend forwarding a high port to your SSH port (valid ports = 1-65535)(for example, port 63222 (externally) to port 22 (internally)) - i recommend this because people often "Port Scan" if they see port 22 they may well try to hack your server, because odd's are SSH is listening on the other end

    I hope Ive sort of answered your question (its quite hard because i don't know how much you know, or what equipment your using)
    In summary, forward ports to your server, and leave the firewall on, don't bother with the DMZ
     
  14. Dollar

    Dollar What's a Dremel?

    Joined:
    9 Mar 2008
    Posts:
    14
    Likes Received:
    0
    I think I am starting to confuse myself. My router is a ZyXEL 662HW-D1 and I don't know very much about port forwarding or Linux.
    I have not put the server on the DMZ and I have enabled my firewall as you suggested and everything is working as it was before. I still can not get webmin open from outside of my network, I will try VNC again but don't think it will work.
    I followed the guide from portforwarding.com to point ports 80, 443, 2222 and 12345 to my server but Gliders guide uses private and public ports. I have just found a section on my router which is "port triggering". This has an incoming port range and a trigger port range should I be using this to point an external port to an internal port as explained above. Also if I do that will the echo on the Linux box need changing.

    As you can see I am not to hot with this type of stuff...
     
  15. completemadness

    completemadness What's a Dremel?

    Joined:
    11 May 2007
    Posts:
    887
    Likes Received:
    0
    Port Forward doesn't seem to have a guide for your router

    http://www.portforward.com/english/routers/port_forwarding/ZyXEL/660H-61/1st_SMTP_Server.htm
    Does your routers page look like that?

    If so, it appears your router wont let your forward external ports to different internal ones (ie, 22 has to goto 22)
    Port triggering probably wont help, as i believe it requires your PC to trigger the port

    For webmin you need to forward the appropriate port (it doesn't work off 80 or 443)
    I believe the default port is 10000
    However, again, i strongly recommend you don't open webmin up to the Internet, if you do make SURE you turn on SSL encryption, and NEVER use it from wireless

    VNC also needs appropriate ports forwarded
     
  16. Dollar

    Dollar What's a Dremel?

    Joined:
    9 Mar 2008
    Posts:
    14
    Likes Received:
    0
  17. completemadness

    completemadness What's a Dremel?

    Joined:
    11 May 2007
    Posts:
    887
    Likes Received:
    0
    You can port forward with yours

    It just means that you cant hide services behind different ports, ie, if you want SSH you have to expose port 22 (and then people can take a good guess at what service is running there)

    With VNC, you can set the port it listens on, so you can assign that to anything you want anyway

    Hmm, i was going to show you the WRT54G, but apparently that works the same way
    http://www.portforward.com/english/routers/port_forwarding/Linksys/WRT54G/1st_SMTP_Server.htm

    I guess ive just been spoilt by having a linux router box :p
     
  18. Millusdk

    Millusdk What's a Dremel?

    Joined:
    27 Jan 2008
    Posts:
    140
    Likes Received:
    1
    Just a note on security, it is not very smart to expose your webmin site over the internet, as any flaws in the webmin program can possibly lead to a hacker gaining access to your ENTIRE system. It is much smarter to do it over SSH, just setup putty to forward port 10000 and then open up https://localhost:10000/ and you are in
     
  19. Dollar

    Dollar What's a Dremel?

    Joined:
    9 Mar 2008
    Posts:
    14
    Likes Received:
    0
    can that still work when you are outside of your network?
     
  20. completemadness

    completemadness What's a Dremel?

    Joined:
    11 May 2007
    Posts:
    887
    Likes Received:
    0
Tags: Add Tags

Share This Page