Home Server

Intended Audience
Generally articles regarding particular setups are discouraged, as they should be, but this article is being kept alive for the sake of those who are new to Gentoo. This article intends to be simple and decently explanatory, so please add any extra hints that might have been forgotten. Oftentimes setting up a home server is the driving force behind learning Gentoo, and this article is intended to make that transition easier.

Of course this article certainly cannot cover every setup, so make sure to cruise the wiki for more detailed information once you are ready.

If you are really new to Gentoo, then it is suggested that you go over the whole wiki before starting.

Prerequisites
You must already have an installed, working, and up-to-date Gentoo system. If you haven't done that, visit the Gentoo Handbook.

Next, set everything to UTF-8. If you don't know how to do that, follow the UTF-8 wiki and Using UTF-8 with Gentoo. This is important because I am assuming that most things connecting to this box will be Windows clients, and furthermore for universal conformity: UTF-8 is a global standard, so if you are unfamiliar with it, please visit Wikipedia.

Basic understanding of Gentoo or at least some form of Linux.

Basic understanding of TCP/IP concepts.

Finally, this wiki assumes you are using the following technologies and they are in physical working order:


 * CPU -- This computer can be pretty basic; I recommend at least 1 GHz with 512 MB of RAM. A simple VIA-based board can run this setup.
 * Hard Drive -- size is up to you, it just depends on what you do with the server. I went with a 30.
 * Optional: RAID5 (3 more hard drives) -- We are going to do this as software RAID because it is really safe and secure. To accomplish this you need at least 3 drives, and you want them to be the same size. If you are using the server simply for the networking, then don't worry about this. You can also just use one drive if your household doesn't use much storage.
 * Switch/Hub -- Basic networking device that interfaces multiple ports, leaving the routing work to your box. Necessary if you can't install as many Ethernet cards in your computer as the number of connections to make.
 * Two Ethernet Ports -- Doesn't matter if they are cards or on board, as long as the kernel supports them.
 * Optional: Wifi Card -- There are many different cards that will work for this task, but I suggest the Atheros chipset based cards. They have a long support history with Linux. If you decide to go with Atheros, you can spot them by the 108Mbps sticker; it's their proprietary technology. If you have spare cards lying around, you can check the Compatibility site to see if yours is supported.

Your network should look like this...

    ,-----,        ,------,               ,------,    /Comp1
    |modem|-(wan)  |gentoo|  (lan & ath0)-|switch|-Comp2
    '-----'        '------'               '------'    \Comp3

And your hard drive scheme like this...

sda - small, OS and web cache only
sdb-sdd - RAID 5 drives. Can be more than this, but at least 3.

Check Your Log Files
While you are doing anything in Linux, make sure to check your log directory. There is a ton of good info in there.

If you are really new to Linux, here are some basic commands to check things out.

cat - will print out the file in the terminal, bad for long files

less - will display the file in a scrollable format similar to man pages.

tail - will print out the tail end of said file into the terminal

tailf - will do the same thing as tail but then continually watch it. (Press Ctrl+C to quit.)

grep - will print out the lines that contain a certain word, for example,

would print out every line of that file that contained the word 'dnsmasq'.

A lot of things will end up in, since that's where the system logger logs stuff.

And of course don't forget to check your man pages. i.e.

Kernel Config
This kernel config does not include wireless support as of yet.

Getting Started
First, I am going to assume that you have gone over the provided file, and made sure yours looked the same. Obviously feel free to customize it however you see fit.

Make an Admin account
We need to make an admin account for you to work from, because it is unsafe and unnecessary to work as root all the time. If you need to do something as root, become the superuser for just that task.

-m - creates a home directory for that user
-G - assigns them to certain groups

This creates with su privileges, and they are also in the root and users groups.

Rename NICs
Next we are going to change the names of our network interfaces to make our lives a little easier later. So open and change the names of your corresponding ethernet devices. Here is what mine looks like:

After doing this you also need to rename the rc-scripts associated with them (substitute lan and wan accordingly) and make sure they start on their own.

Setup the LAN
Now we want to make sure our is configured properly.

Turn on and Configure SSH
Now we want to start ssh with boot-up and make it so no one can ever log in as root remotely.

And start it at boot.

Rebooting
Now, if you haven't already done this, turn off the computer and pop in those RAID drives. Either way, reboot your computer. On this reboot it is also a good time to make sure that your BIOS doesn't try to boot from one of the drives you're popping in, and that your modem is plugged into the card you decided to call 'wan'.

or

Optional: Wifi
This part can be very tough, and is certainly out of the scope of this wiki. It's pretty cool if you can do it though. So, if you feel so inclined, you should visit the Wireless/Access point wiki page or the Madwifi Wireless Access Point wiki page.

Routing
At this point in time your box doesn't really do much; that will change shortly. In this section we are only going to set up simple routing.

DNS & DHCP Server Using DNSmasq
Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file.

DNSmasq does have the advantage of being really easy to work with and encompasses a lot, so that's what we are going to use. Let's go ahead and emerge it now.

Then configure it...

Now we want to make sure it starts up with boot.

And why don't we just start it up now?

If there are any problems, check your log files and your config file to make sure it's not something simple.

NAT or 'Masquerading'
At this point, people on your network can talk to each other and they can look up hostnames via DNS, but they still can't actually connect to the internet.

This is where Network Address Translation (NAT) steps in. NAT is a way of connecting multiple computers in a private LAN to the internet when you have a smaller number of public IP addresses available to you. Typically you are given 1 IP by your ISP, but you want to let your whole house connect to the internet. NAT is the magic that makes this possible. For more information about NAT, you can always visit Wikipedia.

To accomplish this, we are going to use iptables.

Once iptables is installed, you'll want to make a script that you can run, that sets your iptables settings. This way editing and reviewing can be made much easier.

The following script was taken from the Home Router Guide. It sets up a very basic firewall which allows all intranet traffic, allows people to connect to the web, allows you to ssh in, and blocks all other ports.

Then make the file executable with chmod:

We are also going to want to turn on IP forwarding, so let's make sure that's enabled now and always.

Run the script to setup masquerading

Start up iptables and see if it worked

Now, your computers that are connected through the box should be able to connect to the internet. In other words, go take a minute to make sure it worked.

File Sharing
OK, right now all you have is a really cool router, but of course, you want to do more than that...

Setup RAID
What's the point of having a server if you aren't storing things on it, right? There are many different storage configurations, each one good for different situations, so if you have any interest in setting up a RAID array, please visit the RAID wiki page. For the purposes of this wiki, we are simply going to go over mounting.

ClamAV
"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library."

Having an anti-virus is just a plain good idea, and ClamAV will be incorporated in later sections. As always, I recommend you visit the official Gentoo ClamAV wiki page along with the official ClamAV wiki.

Start by emerging

Configure as you like, but the defaults should be fine.

Go ahead, start it, and make sure it always does so.

Samba with ClamAV Scanning
Explaining Samba in this wiki would be beyond my scope. But I do recommend that you familiarize yourself with it by visiting the Samba wiki page.

Furthermore, especially if you are new, I recommend you check out the section on setting up SWAT; it's a web interface that makes configuring Samba much easier.

For this example I am going to include ClamAV on-access scanning, which requires a very specific set of USE flags for samba.

Then make a user account that will handle all samba connections.

Setting up Samba for the first time can be a real pain sometimes. So here is a good configuration that will set up a completely public share (no passwords, and users can modify everything) and includes on-access virus scanning.

If you notice the vscan-clamav.conf line, then you probably figured out that we need to make that file. There is an example one included with Samba when you use the oav flag, so you are going to copy it to the directory and then change a few things.

Now you need to change a few things, and of course, configure anything else as you see fit.

Now all you need to do is start it up and add it to rc. Make sure to check the logs if there are any errors.

DenyHost
I imagine this whole setup process didn't happen in one day, so go ahead and check your logs to see just how many attacks you have had...

Bet you'll see a bunch of failed login attempts.

To prevent this, I suggest you visit the DenyHosts wiki page. It's easy to set up, and keeps the bots out.
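Before reaching for DenyHosts, here is what that log check looks like automated, as an added example that is not from the article: it pulls every failed ssh password attempt out of OpenSSH's log lines, counts them per source address, and lists the addresses at or above a threshold, which is the core of what a DenyHosts-style tool does before blocking a host. The log lines are constructed samples, and the log file to feed in depends on your system logger.

```shell
# Added example, not from the article. Counts failed ssh logins per source
# address from OpenSSH log lines on stdin and prints "count address",
# busiest first. The sample log below is constructed, not a real capture.
failed_logins_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' \
        | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# repeat_offenders <threshold>: from "count address" lines on stdin, keep the
# addresses at or above the threshold, i.e. what a DenyHosts-style tool blocks.
repeat_offenders() {
    awk -v n="$1" '$1 >= n { print $2 }'
}

# Constructed sample lines in the OpenSSH/syslog format.
sample_auth_log() {
    cat <<'EOF'
Mar  3 02:14:07 gentoo sshd[4021]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 02:14:09 gentoo sshd[4021]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 02:14:12 gentoo sshd[4023]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 02:20:41 gentoo sshd[4101]: Failed password for invalid user oracle from 198.51.100.23 port 40022 ssh2
Mar  3 07:02:55 gentoo sshd[4870]: Accepted publickey for jdoe from 192.168.0.2 port 50112 ssh2
EOF
}

# Stand-alone run: show the counts, then the addresses with 3 or more failures.
sample_auth_log | failed_logins_by_ip
sample_auth_log | failed_logins_by_ip | repeat_offenders 3
```

On the box itself, replace sample_auth_log with a cat of the real log (or tail -f it through the same pipeline).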

Port Management
So you remember that iptables script you made a while back? Here is where it comes in handy.

So let's say you want to open up port 6890 to the server because you decided to install rTorrent. Just find the line where we opened up ssh, and add this line after it.

Forwarding ports is done in a similar fashion. Let's say you want to forward Xbox ports; just add the following line to the same section. Note the use of tcp and udp accordingly.
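A script in the spirit of the one the NAT section describes, written here as an added example (it is not the Home Router Guide script and not from the original page): it sets up the basic firewall and masquerading, then adds the two port-management steps above, opening 6890 on the box for rTorrent and forwarding an Xbox's ports to a LAN machine. The interface names lan and wan come from this article; the LAN address 192.168.0.10 and Xbox Live port 3074 are assumptions.

```shell
# Added example, not the Home Router Guide script the article refers to.
# Assumes the interfaces were renamed to "lan" and "wan" as described above;
# 192.168.0.10 and Xbox Live port 3074 are assumed/constructed values.
# Set IPT=echo to dry-run: every rule is printed instead of applied.
IPT="${IPT:-iptables}"
LAN=lan
WAN=wan
XBOX_IP=192.168.0.10

firewall_base() {
    # Start from a clean slate.
    $IPT -F
    $IPT -t nat -F
    $IPT -X
    # Drop anything coming in or passing through unless a rule allows it;
    # the box itself may talk out freely.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Local and intranet traffic is trusted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -j ACCEPT
    # Replies to connections the box or the LAN opened.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Let the LAN reach the internet, hidden behind the WAN address (NAT).
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    # ssh in from the outside; everything else on wan stays closed.
    $IPT -A INPUT -i "$WAN" -p tcp --dport 22 -j ACCEPT
}

# open_port <port> <tcp|udp>: open a port on the box itself (e.g. rTorrent).
open_port() {
    $IPT -A INPUT -i "$WAN" -p "$2" --dport "$1" -j ACCEPT
}

# forward_port <port> <tcp|udp> <lan-ip>: send a WAN port to a LAN machine.
forward_port() {
    $IPT -t nat -A PREROUTING -i "$WAN" -p "$2" --dport "$1" -j DNAT --to-destination "$3"
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -p "$2" -d "$3" --dport "$1" -j ACCEPT
}

firewall_apply() {
    firewall_base
    open_port 6890 tcp                 # rTorrent, as in the article
    forward_port 3074 tcp "$XBOX_IP"   # Xbox Live uses 3074 tcp and udp
    forward_port 3074 udp "$XBOX_IP"
}
if [ "${1:-}" = "--apply" ]; then firewall_apply; fi
```

Run it with --apply as root to load the rules, or with IPT=echo first to read what it would do; enabling IP forwarding is the separate sysctl step from the NAT section.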

QoS/Traffic Shaping
QoS packet scheduling enables you to manage bandwidth for your home server, that way no one gets left behind. There are a few different ways to go about setting up traffic shaping, but probably the two easiest ways are CBQ and HTB. Since they both are about the same in terms of setup, it is recommended that you use HTB, as it possesses benefits over CBQ.

If you are an experienced Linux user, I recommend you look into HFSC; it seems to be better adapted to environments that include things like VoIP and Xbox. The downside is that there is little documentation, and no nifty little scripts for simple use.