Running a DSL webserver
Forum: Networking
Topic: Running a DSL webserver
started by: libretto
Posted by libretto on July 03 2004,15:36
Hi all, Just wanted some tips/advice on setting up my own webserver, which of course will be running DSL. Has anyone actually used the Monkey webserver to run a proper website? I was hoping to get a router then hook stuff up as follows: Cable modem->Router->Webserver and other networked machines. Would this setup be secure enough, or would it be best to physically separate my webserver from all the other machines of the network? ie put the webserver with a switch before the router and install some firewall software on it. Any help appreciated. Cheers to all for an excellent distro
Posted by ke4nt1 on July 03 2004,16:54
I would certainly be using some type of firewall now anyway. Most cable modem/dsl/routers aren't the best at firewalling. I wouldn't DARE put a server on your internal net.. Once a person is past your cable/router, and onto your side of your network, danger lurks..... BEWARE! ...you have been warned!... Using a package like Astaro, Freesco, Shorewall, etc. on an old boatanchor or atticware box is more usable for what you are trying to do... Most all of these packages allow you to use a nic for your cable-modem, another nic for your internal net, and a third for your DMZ boxes.. ( server ) You'll have much more control over open ports, nat, logs, and can install additional software to make even more fun reports and scans from incoming pings and scans. Most are accessible thru a webmin-type interface, so your DSL browser would be a great "admin" box. I've only played with monkey a little... Someone else here can give you more details on that gem. With roberts new PHP extension, you ought to be able to do quite a bit with it.. 73 ke4nt
Posted by cbagger01 on July 04 2004,01:28
If you have a decent home networking router like my Linksys WRT54G (which runs on an embedded Linux OS from a flash drive inside the box), you should have the flexibility to lock down your ports so that you either: Only allow inbound connections of any type to the web server computer and not the rest of your PCs. This puts your web server PC in the "DMZ" while the rest of your computers are behind the firewall. You will then need to install an iptables-based software firewall or similar program on your web server PC. Or you can keep all of your computers behind the firewall and only allow incoming port 80 connections (HTTP) and deny all others. You will then route all of this traffic to one specific computer in your home LAN, which will be your web server computer. This is called a "virtual server port", and is also known as port forwarding. You will need to give your web server a static IP address so that the router will know where to find your web server whenever a new HTTP request arrives. Good Luck.
Posted by libretto on July 04 2004,09:46
I don't really have the room for another full size PC, the webserver is going to be my miniPC. I think the port forwarding would be the easiest method so I can allow incoming HTTP and SSH to the webserver. But still allow ports for programs like MSN messenger to get in/out for the other PCs of the network inc mine. Was looking to get the Linksys BEFW11S4-UK Wireless Router (unfortunately can't trail leads across the house, so will need to get a USB wifi adapter for my PC)
Posted by cbagger01 on July 04 2004,16:38
Make sure that you get a wifi USB adapter that is supported by Linux. Knoppix supports many of them, and DSL supports most of the knoppix ones (DSL is based on knoppix version 3.3). Google is your friend. Also there is a thread in this discussion forum that lists wireless cards that work with DSL. Check it out.
Posted by libretto on July 04 2004,18:32
Thanks for the details, well I managed to see one of my mates today and he recommended 802.11G so will probably get the router you have cbagger01. On reflection I have heard that USB adapters take up a lot of CPU cycles, so instead I will probably get a PCI wifi card. Anyway the 100MB card would be a bit redundant once the router's in so I can just swap them over
Posted by cbagger01 on July 05 2004,16:32
One of the cool things about the WRT54G router is that a number of people have created a hacked version of the firmware that you can download into your router. The hacked version of the Router firmware supports the ability to telnet or ssh into your router and get a command prompt. You can then install additional linux programs and run them inside your router. I haven't tried it yet because downloading firmware carries some risks and other than the curiosity factor I have no use for the custom firmware at the moment. Also, at the moment the PCI wireless cards are better supported in Linux than the USB ones. You still need to make sure that your card is supported by linux in general and better yet DSL. Belkin has a cool looking 802.11G USB adapter that is on sale right now at CompUSA but they refuse to release any information about the chipset so there is no knowledge if it can be used in linux. This is too bad because it looks like the ideal solution. It is a tiny low power usb "thumb drive sized" adapter that will run 802.11g if you have USB 2.0 and it will run 802.11b if you only have USB 1.1. It also has a desktop "cradle" that makes it great to use as a wireless adapter for a home desktop PC. Because you can mount the cradle higher up in the air it should allow you to pull in signals from a greater distance. Oh well. I'll have to wait until more information is available. Good Luck.
Posted by libretto on July 05 2004,18:31
Didn't realise you meant that Linux was running on the router 'literally'! FYI, I'm not running linux on my own machine yet.... just the webserver (okay it's dual boot, but not for long) and the webserver will be cabled into the router. If I were to run the webserver from the DMZ of the router, how would I run iptables on the server? Is iptables included in DSL? EXTRA: Whilst having a hunt round the linksys site found < this >, which may be of interest
Posted by cbagger01 on July 05 2004,19:04
Yes, the router itself is running an embedded version of linux. This means that you can install all sorts of neat networking programs on the router, like logging, snooping, creating your own personal VPN server, etc. The biggest limitation is the amount of available "disk space" (flash memory) and RAM in the machine. If you had a small, text-only web site you could probably put the entire web site into the router's memory and use the router itself as a web server. As for DSL, I don't think that iptables is included. You would need to install it and also some sort of configuration tool so that you could easily set it up. I am sure that there are others on this forum that have already done this. Maybe one of them can relate their experiences to you. Otherwise, try searching the forums for "firewall" or "iptables". Good Luck.
Posted by libretto on July 05 2004,19:19
Crikey! Wasn't expecting an instantaneous reply! I think iptables may be included on the actual router as you can download the source from the company website. But all will have to wait till I can buy the router, on a student budget :S Hopefully not too long
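
An added example (not part of the original thread, and not code from DSL or Linksys): the kind of host firewall cbagger01 describes for a web server placed in the router's DMZ. The function names and the log prefix are made up here; the script only prints an iptables-restore ruleset for the TCP ports named on the command line and changes nothing on the machine.

```shell
#!/bin/sh
# Emit a default-deny iptables-restore ruleset for a web server that the
# router's DMZ setting exposes to every inbound connection.
# Nothing here touches the live firewall; the output is text to review first.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dmz_rules PORT... -> prints the ruleset; prints nothing if any port is bad
dmz_rules() {
    [ "$#" -ge 1 ] || { echo "usage: dmz_rules PORT..." >&2; return 2; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # anything not allowed below is dropped
    echo ":FORWARD DROP [0:0]"      # this box is a server, not a router
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the server itself opened (DNS lookups, downloads).
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Log what is about to be dropped, rate-limited so a scan cannot fill the disk.
    echo "-A INPUT -m limit --limit 5/min -j LOG --log-prefix \"dmz-drop: \""
    echo "COMMIT"
}

# Stand-alone use: sh thisfile 80 22   (HTTP and SSH on their default ports)
[ "$#" -eq 0 ] || dmz_rules "$@"
```

Check the printed ruleset with `iptables-restore --test` before loading it as root.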
Posted by Joat_Mone on July 06 2004,17:42
libretto, I have been working on the same thing here at my home. Like cbagger01 said the easiest way is to open port 80 to the specific machine you are using as a server (make sure to close it when you are not serving). When you open port 80, it only opens for incoming transmission (you can still get out normally when you surf the web). There is scant information about monkey server (even his website says very little). The good news is the monkey.conf file is very well documented. You might want to get it set up and back up that file. I run live from the CD so I back that file up to a floppy just in case I need to reboot. Monkey has built in php usability. You need to download it and put it on your harddrive and in the monkey.conf file tell it where the bin file is. This post helped me for setting up the php (http://damnsmalllinux.org/static/act=ST;f=16;t=33;hl=monkey+and+php). A sample page I put up is : < http://bwibit.no-ip.biz/puppet > I used a free Dynamic DNS service. Very helpful if you don't have a static IP. Matt P.S. I hope this helps and I have finally contributed something.
Posted by libretto on July 07 2004,19:11
Well haven't used PHP myself yet (did a little ASP for work) but when the time is right I can make my website more dynamic. Fine about port forwarding port 80, I also hope to open a few other ports so I can access my server from outside (eg 23 for SSH). I'll work this all out eventually! This is why DSL is so useful, any problems just reboot the CD (well a short HD install for me). As for dynamic DNS I would like to do that, anyone have suggestions for free DNS hosts (pref UK based)? Cheers to all for help so far. P.S.: Just been paid by work, so waiting for the cheque to clear and routers, etc.. can be bought
Posted by AwPhuch on July 07 2004,20:38
Did you do a harddrive install? You can use a 3rd party http server like I use. You don't have to build it...just download a tgz and extract it and it runs... You can get it here < Abyss Webserver >, it's only approx a 180k footprint and has its own config page...to host just simple html pages (no php, perl, or whatnot) it works great, creates awesome log files, and if you want it to support those mega webpages it's not hard to mod those. My webserver is at < http://awphuch.no-ip.com:1079 > if you want to see how it handles. Brian AwPhuch
Posted by libretto on July 07 2004,21:03
Yes my webserver has a HDD install. Thanks for the suggestion but I would like to give the monkey webserver a try first. Although the no-ip.com DNS redirection you've got is interesting. Nice site BTW, better than mine will ever be
Posted by AwPhuch on July 07 2004,22:56
Monkey is a very very very small webserver I'll give ya that!! Man! Brian AwPhuch
Posted by Joat_Mone on July 08 2004,01:22
libretto, That was just thrown together so a friend can access the pics. One thing I didn't realize until I saw the error log was you can't have spaces in the file names and expect dillo or g-Links to figure it out. (D'oh) It should work properly now. If you have any questions I don't mind answering what I know (which isn't much...). Just E-Mail me at [email protected] if you want to. P.S. Very glad I could be of some help.
Posted by AwPhuch on July 08 2004,14:42
Cool...I have the binary for 0.8.4-2 if you want it. Brian AwPhuch
Posted by AwPhuch on July 08 2004,14:44
Also remember linux is case sensitive as well. A href to "picture.number.jpg" won't work if "picture.number.JPG". Brian AwPhuch
Posted by Joat_Mone on July 08 2004,22:16
Yes, I knew it was case sensitive through trial and error (O.K. more error than trial....). Winders didn't have a problem with the spaces, but if you want to cater to everyone, stick with the underscores. How would I install the newer version? Keep in mind I come from a DOS/Winders background. This is my first foray into Linux (and a very easy transition). I have a friend who has been providing assistance if I get stuck, but I would like to do it myself. Since I am running off the CD should I just wait until DSL upgrades monkey?
Posted by AwPhuch on July 08 2004,23:31
Well if you are running off of CD then you can't update without reworking the entire cd. If you have a HD install then you can just replace the binaries (inside /usr/sbin) [banana and monkey] and that should upgrade it. Monkey webserver looks like a decent little beast now that I look at it and see what it can do... Brian AwPhuch
Posted by libretto on July 12 2004,19:17
As easy as that eh? Well I'll try to get the whole thing working first before I start updating software. Hope to order some 802.11G stuff morrow!
Posted by libretto on July 22 2004,18:42
The goods have arrived and the router is working. Now just need to connect my DSL machine to the router and away I go........ [EXTRA] cbagger01 have you or anyone else used the DynamicDNS option in the router that interfaces with dyndns.org? [/EXTRA]
Posted by libretto on July 31 2004,15:42
The server was working! < See this thread.... >
Posted by cbagger01 on Aug. 08 2004,01:23
I have not used the dyndns option in the router. However, I did read something about a firmware update from linksys that solved a problem with the dyndns option. So you may want to check your firmware revision and the linksys download page / changelog to make sure that your firmware version will work OK. Also, if you upgrade your firmware to the latest version, it will probably close the "back door" that allowed the router administrator to run shell commands inside the router's mini-linux OS. That's OK because you can always download a modified firmware package from one of the WRT54G linux modder web sites that will allow you to telnet or ssh into your router. Just be careful and make sure that you know what you are doing before you push the install button. Good Luck.
Posted by libretto on Aug. 08 2004,13:45
OK thanks for that. Well don't really see a need to ssh into the router itself from the outside. Just would need access to my server. Will have a check of the Linksys site this evening. P.S: Found this on the Linksys site: < router firmware >. Seems the 'beta' copy closes the backdoor, don't know about the latest revision of the firmware