Build a Linux firewall
Build-It: Home Linux Server and Services Configuration
A few months back, we put together the Build-It: Home Linux Server to act as your home's "digital furnace." In it, we focused primarily on the hardware side of things, and the project turned into a kernel recompile adventure to address an issue with the 2.4.18 kernel and the Intel 845 chipset.
ET community members wanted to see more time spent on configuring the software side of things, and so to that end, we're back today to show you not only the component list for a solid, basic Linux server, but also what to install and how to configure some essential network services.
This piece is aimed primarily at users bringing up a Linux home server for the first time, and so we'll focus on basic configuration issues. Along the way, we'll point you to other online resources that address these services in much more depth for those looking to go deeper.
This story is broken up into the following sections:
The Hard Stuff: Our Hardware Configuration
What's Changed: New things we've added
Installation How-To:
Red Hat
Samba
SWAT
User Lists
Shares
Apache Web Server
Firewalls
Final Thoughts
You can read through the article sequentially, or jump to the section of interest using the table of contents below, or the links above. So with the stage set, let's get this party started.
First, let's revisit the hardware load-out we first showed you a few months back. Actually, not a lot has changed in the way of components, since the system we first put together used parts that in some cases could be considered overkill for a home server.
One of the recommendations we first made was that if you've got an older Pentium-III or even Pentium-II-class system that's wheezing as a desktop rig, with a bit more memory and a decent-sized hard drive, that system could be repurposed into a fine home server, and you could take the money saved and invest in new desktop system hardware. That recommendation still stands.
But if you've decided to build a home server from the ground up, your component choices are going to be a function of how much workload you're planning on throwing at this box. If you only need to share some files and host a printer queue, then your processing horsepower needs drop considerably. But if this machine is going to be hosting web pages on the Net, and you're expecting any kind of traffic, then you need to consider bigger iron.
The system we've specified here is designed to handle a decent amount of file-server traffic, as well as serve up a good number of web pages. This may be more system than you need, so feel free to dial back the components to taste and pocket the savings.
Bill of Materials

| Component | Maker/Model | The Skinny | Price |
|---|---|---|---|
| Case | Antec SX1040 | easy access, no busted knuckles | $109.00 |
| Power Supply | Antec PP412X | included with case | $0.00 |
| CPU | Pentium 4 2.4GHz | 533MHz FSB | $153.00 |
| Motherboard | Intel 845GEBV2 | onboard graphics & LAN | $120.00 |
| System Memory | Corsair 256MB PC2700 DDR | | $40.00 |
| Graphics Card | Motherboard-integrated | | $0.00 |
| Network Card | Motherboard-integrated | | $0.00 |
| CD Burner | Lite On LTR-48246S | 48x24x48 CD-R/W drive | $44.00 |
| Hard Drive | Western Digital WD1200JB | 120GB drive for data volume w/8MB onboard cache | $140.00 |
| Display | KDS V-55p | Basic 15" monitor | $100.00 |
| Keyboard | Logitech Access | | $15.00 |
| Mouse | Logitech First Wheel Mouse | | $15.00 |
| Distro | Red Hat 8.0 | Easy installation, good config tools | $0.00 |
| TOTAL: | | | $736.00 |
What's Changed
The main changes we made to this system config were to swap in an Intel motherboard with integrated graphics and Ethernet, knock the amount of system memory down to 256MB, and swap in Red Hat 8.0 for SuSE 8.0 Pro. We also found a less expensive monitor and CD-R/W drive.
The primary goal for all the changes was to push the cost of this server as low as possible. Through these changes, along with component price drops, we were able to shave just over $400 off the cost of this system (a 36% price cut) and still deliver roughly the same performance.
True, running with 248MB of system memory (Intel integrated graphics uses a minimum of 8MB for its frame buffer) will cut into file-server performance, since the OS will have less memory to use as disk cache, but unless you're absolutely hammering this server with file I/O, it's performance you won't really miss.
If you can scavenge an old monitor, keyboard and mouse, you'll be able to skim another $130 off the bill of materials, bringing the total cost down to about $600, and again, you're not leaving any performance on the table to get these savings, just repurposing some aging components in the autumn of their years.
In terms of distro choice, we still like SuSE a lot, but we also like the direction Red Hat has taken with incorporating more graphical configuration tools into the core installation. SuSE's YAST2 configurator is still a very solid tool as well, and in truth, either distro can be downloaded at no charge, although finding available mirror sites for SuSE 8.1 is a bit more difficult than it is for Red Hat 8.0.
Installing Red Hat is a joyously simple process. The only real "trick" per se is to ensure that you select the right packages for running a server; namely Apache, Samba (which Red Hat calls "Windows Server") and the rest of the needed server packages, which we'll run down for you here.
Upon bootup, Red Hat's Anaconda installer utility will almost always bring you up into Red Hat's graphical installer. Stepping through the wizard-like installation steps is a pretty painless affair. When Red Hat asks you which type of installation you'd like to do, select Custom.
Select the following packages according to what services you want this machine to provide. We recommend installing the following:
Editors
Server Config Tools
Web Server (installs Apache)
Windows File Server (Samba client & server)
FTP Server
Network Servers (DHCP server)
Administration Tools
System Tools (add Lokkit for Firewall configuration)
Once you've selected your packages, proceed with the install, which will take about a half-hour. After it completes and you've rebooted the system, it's time to configure those network services to get this box in action.
We're going to do all of this configuration while logged in as root, since these system tweaks need all the uber-power that only the root user has. Once these tweaks have been made, we STRONGLY recommend logging out and logging back in as a non-superuser so as to avoid any accidental trashing of system settings – no tears, please.
On with the show...
Samba, along with technologies like WINE, is a kind of "missing link" technology that allows Linux and Windows machines to peacefully co-exist on a network. If you're looking to offer up shared files and a public printer queue, then Samba is in your Linux future. The official Samba web site has plenty of in-depth documentation, which you'll probably need at some point.
This is definitely one of those iceberg technologies where one order of complexity lurks on the surface, yet many more layers of hidden intricacies lie further down. The good news is that unless you're a passionate bit-twiddler, you can probably ignore most of the stuff below the water-line.
As it turns out, the official Samba site has put out a bulletin citing a serious security flaw in earlier versions of Samba, where an intruder could gain root-level access to a system running a Samba server and wreak all kinds of havoc. The site has made available version 2.2.8, which we HIGHLY recommend you download before configuring Samba. You can download the latest version here.
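One way to confirm the server is running at least the 2.2.8 release recommended above, as an added example that is not part of the original article. The function names and the sample version banners are constructed for illustration; smbd -V is the Samba daemon's own version switch.

```shell
#!/bin/sh
# Added example (not from the article): flag Samba builds older than 2.2.8,
# the release the article recommends installing before configuring Samba.
MIN_VERSION="2.2.8"

# Pull the dotted numeric version out of text like "Version 2.2.7a".
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing field by field as integers.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Classify one version banner: prints OK, UPGRADE or UNKNOWN.
classify_samba() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo UNKNOWN
    elif version_ge "$v" "$MIN_VERSION"; then echo OK
    else echo UPGRADE
    fi
}

# Constructed sample banners, in the format "smbd -V" prints.
for banner in "Version 2.2.5" "Version 2.2.7a" "Version 2.2.8" "Version 3.0.0"; do
    printf '%-16s %s\n' "$banner" "$(classify_samba "$banner")"
done

# Check the locally installed daemon when one is present.
if command -v smbd >/dev/null 2>&1; then
    printf 'installed: %s\n' "$(classify_samba "$(smbd -V 2>/dev/null)")"
fi
```

Vendor packages sometimes carry backported fixes under an older upstream version number, so an UPGRADE result on a distro-supplied package should be checked against the vendor's own advisory.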