4:10 p.m.
HI all i'm new here i'v been playing with the idea of setting up my own server for
a while now.
I have got ubuntu server 7 running on a system and was wondering how easy it is to set up
a server behind a NAT router with a reg'd domain name (from places like 123reg.com
etc)
for now i'm trying to get it running as an internal server on a LAN with samba running
so it can be used as a file server for everyones laptops and desktops around the house but
i plan on running a mail server and apache for webserver access and webpages available to
the outside world
My question is how would i go about getting this LAN server available to the outside world
using a domain www.silverrook.co.uk
My router is a US Robotics Sureconnect 9106
I'm using the newest distro of ubuntu server 7.10
Adam
10:46 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam Turvey wrote:
HI all i'm new here i'v been playing with the idea of setting
up my own
server for a while now.
I have got ubuntu server 7 running on a system and was wondering how
easy it is to set up a server behind a NAT router with a reg'd domain
name (from places like 123reg.com etc)
Not that hard actually, but it will be a lot easier if your router's
external IP address is static and your ISP doesn't block ports. Some
ISPs block port 25 and insist that all SMTP connections from inside or
outside of their network goes through their mail servers to stop people
unwittingly hosting open relays or having compromised PCs spamming. One
thing to think about before you get going it that if you're on a
consumer grade ADSL line, you probably have 448Kb/s upload speed (note
that b is bits, not B for bytes), which is about 40KB/s and is fine for
a friends and family kind of website/mail server but won't hold up to a
reasonably popular site doing lots of photos. That said, I did host my
site on an 800Kb/s upload business ADSL line for a few days a while back
and I'm sure people are hosting on less than 440Kb/s, a previous company
of mine hosted on a 64Kb/s ISDN line when they first started.
for now i'm trying to get it running as an internal server on a
LAN with
samba running so it can be used as a file server for everyones laptops
and desktops around the house but i plan on running a mail server and
apache for webserver access and webpages available to the outside world
My question is how would i go about getting this LAN server available to
the outside world using a domain www.silverrook.co.uk
My router is a US Robotics Sureconnect 9106
I'm using the newest distro of ubuntu server 7.10
First of all, configure your server with a static IP address on your
local network. Use your router to port forward the necessary ports from
outside to the IP address of your server.
So for example you set your server as 192.168.1.250 and you forward the
following ports to your server:
SMTP: 25
HTTP: 80
POP3: 110
IMAP: 143 (if you want it)
HTTPS: 443 (if you want it)
If your router can't forward ports then you need a better router, I'm
sure it should do though. Maybe just port forward 80 at first and then
do the rest as you go along and set things up.
You should now be able to access your web and samba server on it's local
address from inside (192.168.1.250) and your webserver again by typing
in your router's external IP address into your browser. Some routers
don't allow internal connections to access an internal machine on an
external address in this way, by going out and back in again so this may
not work for you. Try accessing the external address from a friend's
house if it doesn't work for you from home.
On your domain registration account you will have a control panel which
lets you manage your DNS. You can either set up the host names and IP
addresses in this control panel or use a DNS service like zoneedit.com
to manage your DNS, zoneedit is free by the way.
If your external IP address isn't static then it gets a bit more
complicated and you will have to look at a dynamic DNS service like
dyndns.org to manage your DNS for you. If you're lucky your router will
already have built in support for keeping dyndns.org up to date with
your IP address every time it changes. I've been buying ADSL with static
IP addresses for a few years for the sole reason that I don't have to
mess with dynamic DNS if I need to run something from home. If you have
a dynamic IP and your router doesn't support it you will have to read up
on how to run a dyndns client to keep it informed of your IP address so
that your host name always resolves to your IP address even when it has
changed recently.
Normal (not dynamic) DNS looks and sounds hard but actually isn't
really. For your domain name to resolve to your IP address you need 2
things.
1) One of more DNS servers, ideally 2 or more. Your domain registrar
will probably provide these but you can use zoneedit.com or dyndns.org.
DynDNS might charge you for using a proper domain rather than
yourname.dyndns.org they might not, I forget.
2) A couple of DNS records. I won't go into the details of DNS but for
normal web browsing you can make 2 A records which map host names to IP
addresses for the following:
silverrook.co.uk
www.silverrook.co.uk
and give them the same IP address (even though you only have one IP
anyway) so people browsing your site get the same site regardless of
whether they include the www bit (use the ServerName and ServerAlias
directive in Apache to serve both), otherwise one will produce your site
the other will give an error.
Mail is a bit more complicated and needs a different type of DNS record,
called an MX record, as opposed to the A records you just created.
So decide on a name for your mail server, it can just be
www.silverrook.co.uk or silverrook.co.uk as it's the same machine,
though I prefer to use mail.silverrook.co.uk. Give it a priority of 10.
You aren't going to have any other mail server because you don't have
any more IPs but the lower the number the higher it's priority. If you
wanted a backup mail server on a different IP, you could call it
mail1.silverrook.co.uk and give it a priority of 20.
Now create the A record which say where the name given in your MX record
is, which is obviously your external IP as it's all you have.
DNS changes generally take a few hours to take effect or even 3 days or
so, depending on how the DNS server you use is configured (zoneedit
allows you to configure it). Once the DNS changes take effect people
should be able to send mail to your domain, you just need to open up
that port forward to port 25 on your router and have a mail server
listening on the other end. You probably also want to forward port 110
for POP3 and/or port 143 for IMAP access to your mail or run a webmail
client like Squirrelmail, Horde/IMP, Neomail, Ilohamail or whatever
Of course the complicated bit is setting up a mail server with SMTP and
POP3/IMAP listening on the other end :) For a web server the Apache
documentation is excellent and I presume the Ubuntu docs are good too.
Take a look at:
http://www.howtoforge.com/
for recipe style howtos on mail and web serving and:
http://www.linuxhomenetworking.com/
for developing your home network, your networking and your server skills
with Linux.
As an aside, be cautious security wise as a compromise on any of the
services your are offering the world will potentially allow the cracker
access to your whole local network. If you can, set up a DMZ on your
router using a different network range to your LAN and put your server
on it. Your router should understand that it can allow traffic to it and
back from your LAN but not the other way around. Also beware that things
like Squirrelmail need to be kept up to date as they have a history of
security problems.
Try to avoid running an open relay, this is a mail server which allows
anyone to connect and send mail through it. Using SMTP authentication is
a good way or only allowing relays from specified IP addresses, which is
fine on your LAN but a pain in the ass when you're not at home.
Other than that, this is a great project for anybody who is interested
in this kind of thing and it's exactly how I learning this kind of
stuff. If your router can't do DMZs or port forwarding, you might want
to think about putting a Smoothwall or IPCop machine with 3 network
cards between it and your LAN, thereby allowing your to separate your
traffic from WAN, LAN and DMZ. Smoothwall and IPCop can run on as little
as early Pentiums with 64 MB RAM.
Anyway, far too much detail and I've probably lost everyone.
Adam
Me too :)
Regards,
Adam Sweet
- --
http://blog.adamsweet.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH4ZetRi1ZcmvD37cRAtJ1AJ9Xg0RlNSUovWVb3UF9mEwCxR/XHgCeO8lg
mLtvnnFeUn3lO3POEWhKUco=
=ynr1
-----END PGP SIGNATURE-----
11:13 p.m.
On Wed, 2008-03-19 at 22:46 +0000, Adam Sweet wrote:
If you have
a dynamic IP and your router doesn't support it you will have to read up
on how to run a dyndns client to keep it informed of your IP address so
that your host name always resolves to your IP address even when it has
changed recently.
apt-get install inadyn
One of my clients has a dynamic address for their business (!), [1]
and inadyn with dyndns keeps their vpn (openvpn) working :^)
btw great introduction to servers, Ad :-)
- Richard
[1] Don't ask - just remember I work in the voluntary sector
where anything is possible :-/
--
Richard Smedley, rs(a)m6-it.org
Technical Director, www.M6-IT.org
M6-IT CIC +44 (0)779 456 07 14
Sustainable Third Sector IT solutions. PRINCE2 [TM] Project Management
Training * Certification * Support * Networking * Web * Database * CRM
M6-IT is a Community Interest Company, limited by guarantee.
Registered in England & Wales, Registration No: 6040154
11 St Marks Road, Stourbridge, West Midlands, DY9 7DT
Northern Office: 4, Hollins Green, Bradwall, Cheshire, CW10 0LA.
Welsh office/ Swyddfa Gogledd Cymru: e-mail / e-bost - cymru(a)m6-it.org
Southern Office: Oxford contact matthew(a)m6-it.org
9:42 a.m.
On 19/03/2008, Adam Sweet <adam(a)adamsweet.org> wrote:
'An excellent HOW TO'.
Can Adam's explanation be incorporated into the LUG home page
somewhere? It certainly deserves to be accessible; if Adam agrees?
--
==============================================
Kevan Farmer
Linux user #373362
Staffordshire
10:17 a.m.
On 19/03/2008, Adam Sweet <adam(a)adamsweet.org> wrote:
'An excellent HOW TO'.
Can Adam's explanation be incorporated into the LUG home page
somewhere? It certainly deserves to be accessible; if Adam agrees?
Blush, sure I have no problem with that at all. I have since thought of
one or 2 additions I should have made though.
1) If your ISP allows and many don't, you should set up a reverse DNS
record (you need to do this with your ISP, not ZoneEdit or whomever you
did your other DNS stuff with, since they own the IP address and therefore
answer the DNS lookups on it.
Reverse DNS records are called PTR records and map your IP address back to
a hostname rather than the other way round which you have (theoretically)
already set up. You need to do this if you plan to host mail since some
mail servers check your forward (hostname to IP address) and reverse DNS
records (IP address to hostname) and reject your mail if they don't match.
So, set up a PTR record with your ISP that matches the A record you
provided for the server named in your MX record, aka
mail.silverrook.co.uk.
2) If you to run your server on a DMZ instead of your main LAN, Windows
style Samba file sharing won't work as it relies upon a lot chattery
communication between the hosts and being on a DMZ doesn't allow your
server to initiate communication with the main LAN.
Regards,
Adam Sweet
--
http://blog.adamsweet.org/
12:58 p.m.
excellent explanation has helped me a lot although you were right a lot of ISP dont let
you do this and mine is one of them :( oh well back to the drawing board lol
Thanks again guys
Date: Thu, 20 Mar 2008 10:17:36 +0000
From: adam(a)adamsweet.org
To: staffslug(a)staffslug.org.uk
Subject: Re: [Staffslug] Setting up linux server behind NAT
> On 19/03/2008, Adam Sweet <adam(a)adamsweet.org> wrote:
>
> 'An excellent HOW TO'.
>
> Can Adam's explanation be incorporated into the LUG home page
> somewhere? It certainly deserves to be accessible; if Adam agrees?
Blush, sure I have no problem with that at all. I have since thought of
one or 2 additions I should have made though.
1) If your ISP allows and many don't, you should set up a reverse DNS
record (you need to do this with your ISP, not ZoneEdit or whomever you
did your other DNS stuff with, since they own the IP address and therefore
answer the DNS lookups on it.
Reverse DNS records are called PTR records and map your IP address back to
a hostname rather than the other way round which you have (theoretically)
already set up. You need to do this if you plan to host mail since some
mail servers check your forward (hostname to IP address) and reverse DNS
records (IP address to hostname) and reject your mail if they don't match.
So, set up a PTR record with your ISP that matches the A record you
provided for the server named in your MX record, aka
mail.silverrook.co.uk.
2) If you to run your server on a DMZ instead of your main LAN, Windows
style Samba file sharing won't work as it relies upon a lot chattery
communication between the hosts and being on a DMZ doesn't allow your
server to initiate communication with the main LAN.
Regards,
Adam Sweet
--
http://blog.adamsweet.org/
_______________________________________________
Staffslug mailing list
Staffslug(a)staffslug.org.uk
http://lists.staffslug.org.uk/mailman/listinfo/staffslug
1:55 p.m.
> > On 19/03/2008, Adam Sweet <adam(a)adamsweet.org> wrote:
> >
> > 'An excellent HOW TO'.
> >
> > Can Adam's explanation be incorporated into the LUG home page
> > somewhere? It certainly deserves to be accessible; if Adam agrees?
>
> Blush, sure I have no problem with that at all. I have since thought of
> one or 2 additions I should have made though.
>
> 1) If your ISP allows and many don't, you should set up a reverse DNS
> record (you need to do this with your ISP, not ZoneEdit or whomever you
> did your other DNS stuff with, since they own the IP address and
> therefore
> answer the DNS lookups on it.
>
> Reverse DNS records are called PTR records and map your IP address back
> to
> a hostname rather than the other way round which you have
> (theoretically)
> already set up. You need to do this if you plan to host mail since some
> mail servers check your forward (hostname to IP address) and reverse DNS
> records (IP address to hostname) and reject your mail if they don't
> match.
> So, set up a PTR record with your ISP that matches the A record you
> provided for the server named in your MX record, aka
> mail.silverrook.co.uk.
excellent explanation has helped me a lot although you were right a
lot of
ISP dont let you do this and mine is one of them :( oh well back to the
drawing board lol
That doesn't mean that you should give up on hosting mail from home, it's
not ideal as some people won't accept mail from you, but it doesn't mean
that it won't work without setting your reverse DNS.
I should also mention that some ISPs add their consumer cable and DSL
ranges to RBLs (Real-time Black Lists) as most spam comes from compromised
machines these days. I remember that people hosted on 1and1 wouldn't
accept mail from me when I hosted from home.
Add this to the article too :)
Regards,
Adam Sweet
--
http://blog.adamsweet.org/
12:54 p.m.
sounds good to me
Date: Thu, 20 Mar 2008 09:42:14 +0000
From: kevanf1(a)gmail.com
To: staffslug(a)staffslug.org.uk
Subject: Re: [Staffslug] Setting up linux server behind NAT
On 19/03/2008, Adam Sweet <adam(a)adamsweet.org> wrote:
'An excellent HOW TO'.
Can Adam's explanation be incorporated into the LUG home page
somewhere? It certainly deserves to be accessible; if Adam agrees?
--
==============================================
Kevan Farmer
Linux user #373362
Staffordshire
_______________________________________________
Staffslug mailing list
Staffslug(a)staffslug.org.uk
http://lists.staffslug.org.uk/mailman/listinfo/staffslug
6083
days inactive
6085
days old
7 comments
4 participants
participants (4)
-
Adam Sweet -
Adam Turvey -
Kevanf1 -
Richard Smedley