Hi everyone. I've been using custom Linux distros for the past 2 years for my home gateway/firewall (IPCop, SME Server, M0n0wall). Though they work quite well, I've always found it annoying when it came to managing or adding functionality to it. I've come to a point where I'd like to try and set up my version of the ultimate home server with Debian 3.1 (Sarge) for me and my fellow roommates. However, my Linux knowledge, for the time being, is quite limited to very simple administration of packages installed and configured by others. I'd like to start changing that and require your assistance.
I've checked and read a lot of guides on this site, and they are all very well written and maintained. However, I find that many of them seem to be aimed at ISPs and others with fixed internet IPs, which is not my case at all. Also, I understand that running everything off 1 machine is potentially dangerous (single point of failure). But hey, I only have 1 machine (2.8 GHz, 1 gig RAM) that I'm willing to dedicate to it.
Here are some of the features I see this box doing. I'm sure I've missed things, please feel free to comment.
- Stealth Firewall
- DHCP server
- DNS server (Update with dhcp leases and static hosts entry)
- Proxy server
- Bandwidth throttling
- Web server
- MySQL
- ProFTPd + Web management interface
- LDAP Server
- SAMBA support
- Mail server (Secure POP, SMTP & IMAP)
- Anti-virus
- Spamassassin (with reporting features per user account)
- Fetchmail from different POP accounts and put in appropriate user accounts
- VPN Server
  - Road Warriors VPN into Green
  - Road warriors VPN into Blue
  - Users VPN from Blue to Green
- Web based stats (hardware & software monitoring, mail, dns, dhcp, ftp, spam, virus, etc.)
- Critical Server Alerts sent to SMS device or if Asterisk is working, via voice msg.
Misc:
- IDS
- Rootkit
- Dynamic DNS support
- Captive portal for Wireless connections
- Asterisk@home for VoIP (Would it be possible to send server stats to SMS via phone?)
- Parental protection features
So that's it for now, I would like to read comments and suggestions. I'm also attaching a network topology of this, please let me know if there are changes I should bring to it. Thanks. -K
PS: Am I crazy?
This clearly looks like a job for IPCop, and for all services not managed by IPCop I'd install another server. I think it will become too complicated to do it on one box, especially if you're no Linux expert.
Hi Falko, thanks for the reply. I've since been reading up on various parts of my initial post. You're right! I might have been a little out of my mind to think that I could so easily do this. So for the time being, I've decided to keep 1 machine running IPCop and set up a separate machine to run some LAN services.
- Web (Apache, PHP, MySQL)
- Samba
- Mailserver with spam and antivirus + control panels or reporting pages
That should be enough to keep me busy for a little while... I do have a few simple questions, if you could point me in the right direction concerning the mail server. I want to create a mailserver for my LAN users (4 roommates). So I want to create user accounts on the server, and configure fetchmail for each account to acquire the email from various POP servers, download, scan (Spam, Antivirus), and deliver to each user's account. Then allow each user to use their client software to read their email in a secure manner, either via POP or IMAP (SSL/TLS). Is this complicated on a dynamic IP cable connection? Thanks. -K
Just configure fetchmail to fetch your users' mail from the mail boxes. Have a look here: http://www.howtoforge.com/forums/showthread.php?t=5679&highlight=fetchmailrc If your roommates are trying to fetch their emails from your mail server from within the local network, then they can use the mail server's internal IP address in their email clients. If they do it from the outside, you should get a dyndns.org domain name for your mail server that your roommates can use in their email clients.
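Added example, not part of the thread: fetchmail keeps each roommate's POP password in its run control file, so this shell check confirms that the file is owner-only and that every account entry uses `ssl` together with `sslcertck`. The hostnames, accounts and the function name `audit_fetchmailrc` are constructed for illustration, and the parser assumes options are written per user entry with no `defaults` stanza.

```shell
#!/bin/sh
# Added example (not from the thread): audit a fetchmailrc before running fetchmail.
# Assumes options are written per "user" entry, with no "defaults" stanza.
audit_fetchmailrc() {
    rc=$1; bad=0
    [ -r "$rc" ] || return 2
    # The file holds POP passwords in clear text: group and other get no access.
    perm=$(ls -ld "$rc" | cut -c5-10)
    [ "$perm" = "------" ] || { echo "perms: group/other access ($perm)"; bad=1; }
    # Every user entry should request TLS (ssl) and verify the server (sslcertck).
    out=$(awk '
        function report() {
            if (user == "") return
            if (!ssl) print host " " user ": no ssl"
            else if (!ck) print host " " user ": ssl without sslcertck"
            user = ""
        }
        /^[ \t]*#/ { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "poll" || $i == "server") { report(); host = $(i + 1) }
                else if ($i == "user" || $i == "username") { report(); user = $(i + 1); ssl = ck = 0 }
                else if ($i == "ssl") ssl = 1
                else if ($i == "sslcertck") ck = 1
            }
        }
        END { report() }
    ' "$rc")
    [ -z "$out" ] || { echo "$out"; bad=1; }
    return "$bad"
}

# Constructed samples: hostnames, accounts and passwords are placeholders.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak" <<'EOF'
poll pop.isp-a.example protocol pop3
    user "roomie1" password "PLACEHOLDER" is roomie1 here
poll pop.isp-b.example protocol pop3
    user "roomie2" password "PLACEHOLDER" is roomie2 here ssl
EOF
chmod 644 "$SAMPLES/weak"
cat > "$SAMPLES/good" <<'EOF'
poll pop.isp-a.example protocol pop3
    user "roomie1" password "PLACEHOLDER" is roomie1 here ssl sslcertck
poll pop.isp-b.example protocol pop3
    user "roomie2" password "PLACEHOLDER" is roomie2 here ssl sslcertck
EOF
chmod 600 "$SAMPLES/good"
```

The function returns 0 for a clean file, 1 when it prints findings, and 2 when the file cannot be read.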
Hey Falko, Was just reading another one of your tutorials "Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)" and was wondering if I can use that setup for my users and then configure fetchmail to "fetch" to their accounts. If so, what is the proper way to configure users?
Ok... will test out a few things. I'm getting the hang of it, well... starting to. BTW, just got to say that your how-tos are really nice. Thanks so much for writing them. It's thanks to people like you that people like me improve their skills faster. Thanks again! -K
Didn't they do an "ultimate server" thing already? And is the picture in your sig your network in your house? Good lord, if that's your home network maybe you should be writing the how-to. Impressive layout.
Thanks... but no. This is the layout I've been dreaming of having at my house. However, 2 weeks in, still having trouble with fetchmail lol... so you can imagine the rest. I don't know why, Linux mail servers have always been a pain in the a$$ for me... maybe one day. Keep you guys posted. PS. Just for your info, a lot of it can already be done with IPCop. Just that I've been looking for a way to do it with Debian...