Dedicated Home Server
I'd like to have a dedicated home server for various tasks such as web proxy, ftp, ssh, web server, media, etc. My network is currently set up with a cable modem, which feeds into a router which then goes to the computers. Am I supposed to wedge my server in between the modem and the router so that all traffic runs through it? I have 2 ethernet interfaces on the server, so I plugged the output from the modem into one and then the router into the other. But the problem is that then the server has a connection to the internet, but the rest of my network doesn't. I can't even ping the router. Is there something that I'm missing here? How do I get this to work? I've heard that you can leave the server just plugged into the router like any of the other computers, but then you have to configure each computer to access the server as a proxy. I don't want to have to do that. I want any computer that is currently or ever might be on the network to be forced to route through the server. I've got webmin and squid running but I just don't know how to apply it to the whole network. Sorry for being so unknowledgeable about all this stuff. This is my first time trying to set up a server.
First of all, welcome to LinuxForums. Having your home computer as a dedicated server can be incredibly useful so it is a good idea to learn how to do it.
First of all, we can discuss an easy setup for your computer connections. I think the easiest way to set up your lan would be to connect your server computer to the router then the router to the cable modem. Then from your router you can either put your server computer outside of the DMZ, or just use port forwarding to connect to the different services you will be running (port 21 for ftp, 22 for sftp/ssh, 80 for http). The way you set these things up is router dependent so consult your manual (or if you need to post, use pretty specific questions).
Then you will just need to install the correct packages. Example: apache for your web server. (apache is very widely used, but there are others which are lighter weight such as lighttpd or monkeyd). These have a central configuration file where you can specify your base directory etc. One note, since you are using a cable modem, I know that my cable company blocks http servers from their users. You can get around this by not using port 80 (manually set it to something else).
The same type of thing goes for the other services. SSH generally comes already set up in some form for most linux distros. (Once you are all configured, to start one of these servers you will need to use "/etc/init.d/sshd start" or something of the like)
That was a little superficial of a walkthrough, but good luck!
I strongly recommend that you place the server behind the router.
Give the server two (inbound, outbound) static IP addresses that are similar to the subnet of the DHCP pool of your router, but be sure that the static IP addresses are not in the DHCP pool. You don't want two machines on your network with the same IP address. Set the default gateway of the server to the router's IP address. Port forward the internet traffic that you want to go to your server (e.g. ftp, ssh, www, etc...). Connect both the inbound and outbound server LAN connections to the router's LAN side and connect the router's WAN port to the cable modem.
To use the linux box as a proxy server, you need to change the default gateway in the router's DHCP setup to the inside ip address of your server so that DHCP clients on your LAN know to use the proxy server for outgoing internet access.
Thanks for the quick responses.
So it sounds like I'm getting two different votes here. One for leaving the server connected to the router like any of the other computers on the network, but just configuring the router to route all internet traffic through the server, right? I have to place it in the DMZ so that it can be accessible to the outside world. I guess I'd do all that in the router's setup.
Vote two is to still leave the server behind the router, but to connect both of its ethernet interfaces to the router. I don't understand what good that would do, other than giving the server two ip addresses, like you said. What were the two connections for? You said inbound and outbound. Is the inbound going to be a LAN address, like 192.168.1.2 or something, to be used in communicating with the other computers in the house, and then the outbound address would be on the WAN, for internet trafficking? I don't understand that though, because if they're both connected to the router, then they'd both be LAN addresses, right? I'm sorry, I'm a little confused about this one. If I understand right, though, aside from the two connections part, this is pretty much the same as the first suggestion, right?
Thank you both for your suggestions. I'm going to try them out as best I can and see if they work, and if they don't, I'll come crawling back to see if anyone has posted more info. If they do work, I'll let you know. Thanks a bunch!
Just as a quick clarification. There is no need to have your server computer doing all the routing... the router can do that just as well. You can still just connect your other local computers to the same router as the server is hooked up to.
I agree and probably a lot more secure. Some newer routers can be upgraded to third party firmware to do a lot of the internet filtering. Usually it is not a good idea to put all your eggs in one basket. You can always forward ports that are needed and then you do not have to leave the whole system exposed to the net with dmz.
Keep in mind that by putting a Linux server inline to replace a hardened appliance you are potentially asking for a LOT more maintenance and troubleshooting. I recommend putting your server behind the router, port forward anything that needs to reach it from the Internet and manually set up web proxies on your clients if you -really- feel the need to use a web proxy on your home network.
If you -must- force everything through the Linux server, remove the router and use the 2 network interfaces. One on the inside, one on the outside and have fun tweaking iptables! Remember that if you're storing personal data on this server that it's now on the Internet and not protected by a hardware firewall.
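The two-interface layout described in the post above (one NIC outside, one inside), as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset which drops unsolicited traffic on the outside interface, NATs the LAN, and redirects LAN port-80 traffic to a local Squid. The interface names and the intercept port 3129 (Squid configured with `http_port 3129 intercept`) are assumptions.

```shell
#!/bin/sh
# Added example: ruleset generator for a two-NIC Linux gateway with a
# transparent Squid. Interface names and the Squid port are assumptions.

gen_gateway_rules() {
    wan_if=$1      # outside interface, cabled to the modem (assumed name)
    lan_if=$2      # inside interface, cabled to the LAN switch (assumed name)
    squid_port=$3  # port where Squid listens in intercept mode (assumed)

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Web traffic arriving from LAN clients is handed to the local Squid.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
# Everything leaving through the outside interface is source-NATed.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach SSH and the intercept port. Add DHCP/DNS here if
# this box serves them. Nothing new is accepted from the outside.
-A INPUT -i $lan_if -p tcp -m multiport --dports 22,$squid_port -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only LAN-to-Internet connections may be opened through the box.
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review. To apply it, run as root:
#   sysctl -w net.ipv4.ip_forward=1
#   sh this_script.sh eth0 eth1 3129 | iptables-restore
gen_gateway_rules "${1:-eth0}" "${2:-eth1}" "${3:-3129}"
```

Review the printed rules before piping them to `iptables-restore`, and keep console access to the machine while testing, since the default-drop policy also applies to your own SSH session from the outside interface.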
Well...I got everything working great, except for the proxy. I left the router in with the equation and stuck the server behind it. I would just set up each computer individually for the proxy settings, and it would work, but I'm trying to make a transparent proxy. I couldn't figure out how to set up a transparent proxy while the server is behind the router. Is it possible to do? If I forward port 80 to the server, then none of the computers can connect to the internet. Instead they get forwarded to the server's webserver whenever they try to go to a website.
Sounds like something is not set up right. I'd try it without the proxy and see what happens.
Well, I did try it without the proxy, and everything works great. The ftp server, ssh server, web server, etc. Everything is perfect. It's just that whenever I enable port forwarding of port 80, it forces everything to the local webserver.