Server from desktop

[Urza9814]

Aight, my band website was just hacked by some retards...and I'm wondering...is there any way to make my Linux desktop a server? I know I'll have to use the IP as the URL, but I think I'll get a .tk addy to handle that or something...anyways, I want this so that I can block URLs with a firewall or something...and it's better space/bandwith...though I'd have to talk to my ISP about this, right? I'm just wondering, since they have server progs...

[fuzzylizard]

Yeah, you can make your desktop computer into a 'server'.

 

Someone please inform me as to what the difference between a 'desktop computer' and a 'server' is!!!

 

Anyway, any computer is a server if it is serving something. Therefore, install a web server onto your computer and bingo presto it is a server. Remove the server thingies from a 'server' and it becomes a desktop computer. They are all just oversized calculators.

 

Okay, rant aside. The biggest thing that you need to look at is the service agreement from you ISP. Most home ISP companies do not allow the use of servers being setup on their connections. Therefore, if you do set something up, know that you will probably be in violation of your service agreement.

 

Do you have a static IP or a dynamic IP? This will also be something that you will need to consider.

[Urza9814]

yea...that's basically what I thought...though I have a dynamic IP, it's only changed once in the past year, so that shouldn't be much of a problem...but I have a feeling my ISP won't allow it...but I'll check...hopefully they do :-P

 

[edit]

 

we'd have to upgrade to a business package :-(

Edited January 25, 2004 by Urza9814

[iphitus]

you can still use it with a dynamic IP, and not upgrading to the business package.

 

However you would might be in violation of your Acceptable Use Policy. I am, they havent found out tho, lol.

 

To use a dynamic ip, www.no-ip.com

 

For a webserver, install apache.

 

You put the website in /var/www/html/

 

You should install webmin too, and you can configure apache with that.

[Urza9814]

lol...yea...I would do it anyways, if I had a major reason to...our site's almost out of room though, so I might use it for that...but I'm thinking of just getting it and using it for hotlinking files to friends, or projects to school :-P...I hate wasting an entire CD for an 80MB animated GIF :-P (I did that once for a school project :-P)

[Urza9814]

I'm trying to get this thing working...but it's not...

I'm on a network, and if I type in the comp's network IP from my other comp, it works...however, even using the router's DMZ (sets the comp outside of the firewall and all and SAYS it gives it a static IP) it still doesn't work...if I type in the IP from a network comp, I get the router setup page...I told a friend on AIM to try it...and it didn't work at all... :-S

BTW - I recently discovered Webmin (in my essential progs discussion :-P) so I'm using that to set this up...but I don't understand most of it...so what I need is probably there :-P

Edited January 27, 2004 by Urza9814

[fuzzylizard]

From what you describe, you have several things going on here.

 

You are going to have two different IP addresses to work with - the external one and the internal one. The external IP address is the one that is given to you by you ISP. This is the one that everyone outside needs to type in to reach your website.

 

The internal IP address is the IP address that your router gives to your webserver. This may be done through DHCP or setup statically.

 

When you try to access the website from your home network, you are using the internal IP and directly accessing the computer. However, this won't work for computers on the internet (i.e., computers outside your home network). What you need to do to fix this is something called port forwarding.

 

When people try to access you web server they are probably using port 80. You need to go into your router and tell it to send all requests for services on port 80 to your webserver. How you do this should be included in the documentation for your particular router. This will send all outside requests to the correct computer. Port forwarding only works with static internal IP addresses so you are going to have to manually setup the networking on your web server instead of using DHCP.

 

Once you have all this done, your friends will be able to access the apache and see your web pages.

 

As for DMZ, this is a way to section off a web server and still protect the computers on your home network. This creates a little network sandbox in which your web server can play without placing your home network computers in jeopardy. Remember, any computer that is exposed to the outside world can potentially be used to hack into other computers. The point of a DMZ is to prevents this.

 

The point to all this is that if you have an internal network you should place the web server in the DMZ. How you do this will once again depend on your router/firewall. You will still be able to access apache, but the computer will/should not appear on the rest of the network. It will only be accessable through ssh or apache or ftp or whatever remote access service you install on it. I suggest ssh.

 

Hope that helps. If I missed anything, just shout

[Gowator]

Basically, if you use the no-ip suggested by Iphitus or I use dynamicdns.org then you get an external internet address with a resolvable name. everytime your ISP changes your IP address a little deamon running in the background tells the service and this updates it with your new one.

 

Anyway your router receives a single IP from your ISP.

*At the moment it accepts all http traffic on that address.

What make/model is it ????

You should be able to assign both hostnames and/or a DMZ computer from it.

The details will be specific to your brand and model of router....

[Urza9814]

I set it to forward both TCP and UDP, private and inbound ports 79-81, to this comp...and it still doesn't work...and this comp is in the DMZ...any other ideas???

 

[edit]

 

hmm...mebbe if I take my other router...run this comp and the wireless router off that.... :-P

 

[about 5 minutes later....]

 

Ok, that's not really an option anymore...I can't find the disc for it...and I need it to install it...

...and I'd really like to have a 4th firewall for my other (well...more my brother's...he uses it...I take care of it :-P) computer...it's got windoze XP...so it needs all the firewalls it can get :-P

Edited January 27, 2004 by Urza9814

[fuzzylizard]

Jsut for clarification, what exactly are you trying to do and what hardware are you trying to do it with? How many computers are involved with this, how many routers and how many firewalls and what kind of internet connection do you have.

 

Also, some ISP's block port 80 and other well known ports to prevent people from setting up servers on their home connections.

 

Can any of your friends connect to port 80 using telnet?

 

Anyway, more details are needed as this thread is getting a little confusing.

[Peep]

i was trying to come up with a mental flowchart of this network, but anything over 3 firewalls in a home network and my brain crashes.

[Urza9814]

Hardware: a belkin wireless router, but im not using the wireless card on this comp

Software: webmine, apache

Only really using one comp...got one other in my network though

only one router ATM...1 firewall on it, and the default linux...

I tried the telnet myself...3 times...once to my network ip, once to my ISP assigned IP, and once to google.com...appeared to work each time...said "connected to _______. Escape character '^'"...

If it has to be done from another comp...I only know one other person with linux...same ISP...but he's not very cooperative with this stuff...and he's 'playing xbox' right now...

Edited January 28, 2004 by Urza9814

[fuzzylizard]

Okay, that helps. You really need to find someone who can connect to your IP from outside your network. Most likely, your router is getting in the way and not showing you a true picture. In order to test this properly, you are going to have to test it from outside.

 

If you have associated the IP with a domain name, feel free to post here so that I, or others, can test it and send you some feed back.

 

What brand/make is your router (manufacturer, model, model number)? Provide this and we can give you the exact details of how to setup the port forwarding.

 

Time for more details, what exactly have you done on the side of your computer and in your router? Also, there is no reason to forward ports 79-81, HTTP only connects across port 80.

 

Has anyone been able to connect, using telnet, to your computer from outside your firewall/router?

[Urza9814]

I got a friend to do telnet...didn't work...

My current router is a Belkin Wireless Cable/DSL Gateway router...I also have a SMC Barricade, but using that would involve plugging the belkin into a port on that...

as for a domain for testing...I would just give you my IP if this forum was members only...but it's not...and .tk won't accept it...says it doesn't exist...so if you want, send me an IM:

AIM: Urza4189

MSN: Urza981@hotmail.com

Edited January 28, 2004 by Urza9814

[fuzzylizard]

Okay

 

The fact that your friend was unable to connect means one of two things: either you router is not setup properly or your ISP is blocking port 80.

 

We will assume that it is the former since checking the later can be difficult.

 

Here are the general steps needed to setup the port forwarding

 

1. give the server a static IP. If you are using Mandrake the easiest way of doing this is through MCC and the network wizard. It is fairly straight forward so I will leave the details up to you. I am going to assume that you gave the server 192.168.0.10

 

2. Next, you need to setup the port forwarding from within your router. All you need to do is to forward TCP here. HTTP only uses the TCP protocol, so UDP is not needed. The less protocols and ports forwarded the safer your computer

 

3. You will need to tell apache to accept requests on the new static internal IP address.

 

That should be it. Once those three steps are done, anyone from the outside should be able to access apache.

 

If a friend still can not connect, then something is not configured correctly, or your ISP is blocking that port on you (which is a real possibility)