I was given a really old AMD Athlon MP 1800+ based server; thanks, Doug. I was going to buy a VIA embedded board with dual NICs but couldn't afford to get one. Maybe someday I will. So the first thing to do was to take the damn thing apart (I really wish I had a digital camera) so that I could clean it and maybe do a better job with the wires.
Once the cleaning was done I had to install FreeBSD; this is probably the easiest OS in the world to install. It installs in about twenty minutes from the time you turn the computer on to the reboot into the new OS. It blows the install times on Windows and most Linuxes out of the water. What you get, though, is just the base system, which is fine, 'cause it's BSD: I can very easily change the rules of the OS to make it into any kind of server that I choose, unlike Windows and some Linuxes.
Well, the first thing I needed to get working was firewall/routing. PF is fanfuckingtastic for this. I was able to set up dhcpd by myself but could not for the life of me figure out the pf.conf, what a n00b. Well, thanks to Doug and his awesomeness, he hooked me up with rules that work for what I need and will allow me to expand in the future, plus he commented the pf.conf for me so that it's awesome.
# $FreeBSD: src/share/examples/pf/faq-example1,v 1.1 2004/09/14 01:07:18 mlaier Exp $
# $OpenBSD: faq-example1,v 1.2 2003/08/06 16:04:45 henning Exp $
#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
int_if = "fxp1"
ext_if = "fxp0"
router_ext_ip = "X.X.X.X"
router_int_ip = "192.168.2.1"
router_ext_services = "{ 22, 888, 21, 3306, 80, 25, 143 }"
router_int_services = "{ 22, 888, 21, 137, 139, 901, 3306, 25, 631 }"
nietzsche_ext_ip = "X.X.X.X"
nietzsche_int_ip = "192.168.2.254"
nietzsche_services = "{ 22, 5900 }"
#-----------------------------------------------
# options
set block-policy return
set loginterface $ext_if
# scrub
scrub in all
#-----------------------------------------------
# LAN Nat
nat on $ext_if from $int_if:network to any -> $router_ext_ip
# Redirects for nietzsche access from the outside using public IP
binat on $ext_if from $nietzsche_int_ip to any -> $nietzsche_ext_ip
#-----------------------------------------------
# Allow all local traffic on the router
pass quick on lo0 all
# Default block for everything else
block log all
# Pass everything outbound from the firewall, so we only have to filter inbound on interfaces
pass out quick all keep state
# Allow icmp everywhere to aid troubleshooting
pass in quick proto icmp keep state
# Testing
#pass in quick all keep state
# Services accessible on the router
pass in log on $ext_if inet proto tcp from any to $router_ext_ip port $router_ext_services flags S/SA keep state
pass in log on $int_if inet proto tcp from $int_if:network to $router_int_ip port $router_int_services flags S/SA keep state
# Services accessible on nietzsche
pass in log on $ext_if inet proto tcp from any to $nietzsche_int_ip port $nietzsche_services flags S/SA keep state
# Allow LAN machines to get out on any port
pass in on $int_if from $int_if:network to any keep state
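The ruleset above only makes sense once you know how PF picks a winner: rules are read top to bottom, the last matching rule wins, and a matching rule marked quick stops evaluation on the spot. The following small model of that evaluation is an added example, not code from the post or from PF itself; it encodes the filter rules above with macros expanded (the "X.X.X.X" external address is replaced by a constructed documentation address, $int_if:network is modelled as an address prefix, and the nietzsche rule sees the internal address because binat has already rewritten the destination before filtering) and runs a few constructed packets through them.

```python
from dataclasses import dataclass, field
# Addresses: the post's "X.X.X.X" is replaced by a documentation address (constructed).
ROUTER_EXT_IP, ROUTER_INT_IP = "203.0.113.10", "192.168.2.1"
NIETZSCHE_INT_IP, LAN = "192.168.2.254", "192.168.2."   # $int_if:network as a prefix
@dataclass
class Rule:
    action: str                   # "pass" or "block"
    quick: bool = False           # "quick" stops evaluation at this rule
    direction: str = None         # "in" / "out" / None = either
    iface: str = None             # None = any interface
    proto: str = None             # None = any protocol
    src: str = None               # address prefix, None = any
    dst: str = None               # exact address, None = any
    ports: set = field(default_factory=set)   # empty = any destination port
    def matches(self, p):
        return ((self.direction in (None, p["dir"])) and (self.iface in (None, p["iface"]))
                and (self.proto in (None, p["proto"]))
                and (self.src is None or p["src"].startswith(self.src))
                and (self.dst in (None, p["dst"]))
                and (not self.ports or p.get("dport") in self.ports))
# The post's filter rules in order, macros expanded; the nietzsche rule matches on the
# internal address because binat has already rewritten the destination.
RULES = [
    Rule("pass", quick=True, iface="lo0"),
    Rule("block"),                                        # default deny, no quick
    Rule("pass", quick=True, direction="out"),
    Rule("pass", quick=True, direction="in", proto="icmp"),
    Rule("pass", direction="in", iface="fxp0", proto="tcp", dst=ROUTER_EXT_IP,
         ports={22, 888, 21, 3306, 80, 25, 143}),
    Rule("pass", direction="in", iface="fxp1", proto="tcp", src=LAN, dst=ROUTER_INT_IP,
         ports={22, 888, 21, 137, 139, 901, 3306, 25, 631}),
    Rule("pass", direction="in", iface="fxp0", proto="tcp", dst=NIETZSCHE_INT_IP, ports={22, 5900}),
    Rule("pass", direction="in", iface="fxp1", src=LAN),  # "to any" also covers the router itself
]
def verdict(packet, rules=RULES):
    """PF semantics: the last matching rule wins unless a matching rule is 'quick'."""
    result = "pass"               # PF's implicit default if nothing matches at all
    for r in rules:
        if r.matches(packet):
            result = r.action
            if r.quick:
                break
    return result
# Constructed sample packets, as PF sees them when filtering (after NAT).
SSH_IN = {"dir": "in", "iface": "fxp0", "proto": "tcp", "src": "198.51.100.7",
          "dst": ROUTER_EXT_IP, "dport": 22}
PASV_DATA = {**SSH_IN, "dport": 50123}    # passive-FTP data connection to an unlisted high port
LAN_TO_ROUTER = {"dir": "in", "iface": "fxp1", "proto": "tcp", "src": "192.168.2.40",
                 "dst": ROUTER_INT_IP, "dport": 80}
```

Two things the model makes visible: an inbound passive-FTP data connection lands on a port outside router_ext_services, so the default block wins, and the final LAN catch-all matches packets addressed to the router's own internal address, so router_int_services does not actually limit what LAN hosts can reach on the router.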
Next thing to get working was my FTP for my massive collection of music. I really like pure-ftp for this. I found a great how-to online detailing a pure-ftp setup that uses virtual users, very important for security, and MySQL to store the user information. The how-to is here: http://machiel.generaal.net/index.php?subject=pureftpd&language=eng. This got me going without much hassle; I did have to figure out some PHP stuff on my own. This setup works great, although I still need to get the FTP working in passive mode.
So my latest endeavor has been e-mail. I've owned brektyme.com for a little while now, mostly so I don't have to keep track of all my IP addresses. I decided, though, that I would like to stop having all my computers send their logs to my Gmail account. So I wanted a better solution, and Postfix was the answer. Postfix is great: it's easy to customize, easy to set up, and easy to maintain. I didn't want to just get Postfix working; that wouldn't get me much. No, I wanted an ISP-class e-mail service, one where I could check with webmail anywhere, host multiple domains, set up aliases, and give my friends virtual accounts. Well, again I was lucky in that I found a great how-to, only it was for OpenBSD, but no problem, I was feeling comfortable enough with FreeBSD by now that I should be able to get this going. Well, I followed the how-to, but no luck. Luckily for me I have Doug; he was able to help me troubleshoot my SQL and Postfix issues without telling me exactly what the issue was. I was able to figure it out and got Postfix working in no time with his help. Then came IMAP; this too proved not that difficult. To tell the truth, after fixing Postfix and the SQL DB entries I was able to get everything working quickly. Crap, Firefox crashed just now and I lost like another five or six lines from here. Dammit! I'm just going to publish this crap now and add to it later.
6/2/07 I still don't feel like updating so suck it!
1 comment:
As long as you have my e-mail working. Beyotch.