[kwlug-disc] (John's) Home Servers? {Was: Re: (Home) External Storage?}

john at netdirect.ca john at netdirect.ca
Fri Jul 31 17:05:29 EDT 2009 

kwlug-disc-bounces at kwlug.org wrote on 07/31/2009 03:20:54 PM:
> John, sounds like you have effected what I have merely ruminated 
> about, repeatedly over the years, but never effected. [Part of my 
> ruminations has been over what all to put into a 'home server' - 
> discussions of which have all but turned into flame wars at linuxmce.]

We do servers like these all the time for business customers so all the 
hard work figuring out how has been paid back by paying customers. We've 
also been doing it for years and grew from simple file share systems with 
shared internet access to full-blown everything-small-business-wants 
servers. We used to call them "Open for Business" servers. That was before 
HP stole or re-created the term.

I really haven't gotten into home automation so it's just home networking, 
voip, and media.

> Care to list a 'high-level' overview of the process you went through?
> e.g.
> - started with CentOS, I presume. (TrixBox? MythTV?)

I've used Fedora in the past but this last incarnation was Mythdora, just 
to ease the issue of installing and configuring Myth. I took the easy way 
out on that one. I purchased a Hauppauge HD-PVR and using it requires an 
SVN release of Myth. Rather than compile it, I think I'll move the server 
to Fedora 11 and install the SVN.

I also have an AppleTV front-end for Myth. It's working, except for the 
remote, so I have to VNC from my notebook to select recordings. I'll have 
a Mac around the office soon so I can try working with Myth to get remotes 
working.

> - added dns

Used ISC bind, to serve my home network I used home.vanostrand.com as the 
domain.

> - added dhcp

ISC DHCP.

> - added iptables (Guarddog?)

Years ago I created a script to make rules easier to keep track of for 
customers. It's a set of shell functions that allows one to make a bash 
script that looks like this:

    Interface $INTERNET
        Source Any
        Destination $SERVER1
              Expose 192.168.1.16 tcp 80 443

All the keywords (Internet, Source, Destination, Expose) are just shell 
functions that either set variables or run an iptables commands. i.e.

Interface() {
    INTERFACE="$1"
    SOURCE=""
    DESTINATION=""
}

Source() {
    SOURCE="$1"
}

Destination() {
    DESTINATION="$1"
}


Expose() {
        iptables -A FORWARDING ...
        iptables -A PREROUTING -t nat ....
}

> - added big disk

Pretty straight forward used LVM and configured it during installation.

> - mirrored

Nope, but it's easiest to setup during installation. There are more 
complex methods to change to it. It probably only seems safe for people 
who understand the boot process, initrd and are comfortable with LVM 
initialization.

> - added vpn

Moved from an ages old ppp-over-ssh to OpenVPN but others would have to 
see their network admins for specifics. From outside I used ssh tunnels to 
access home resources.

> - added VoIP

This is specific to my situation. My home phone is an extension of the 
office. I moved my home number to Unlimitel and use it as a DID to direct 
calls home without the Net Direct IVR playing. Some callers are surprised 
to hear on-hold music when I answer call-waiting.

I use a Sipura (now linksys) ATA and it connects directly to the office 
PBX.

When I moved into the new house the telco demarc was in the garage so it 
wasn't easy to split my internal phone wiring off the POTS service so that 
I could use all the jacks in the house for phones. I needed to keep it 
connected for the DSL connection. I could have run the DSL on the outside 
pair of wires and disconnected the internal pair. But I wanted to try my 
cordless phones' shared-base-station method. It worked alright.

In the spring I pulled cat 5 to the garage and put in a patch panel in the 
basement so that I could run DSL to the panel and modem and split the home 
phone wiring. 

It was this task that reminded me what I gave up when I went voip. With 
Bell/Telus/??? I would have just moved in and it would have worked.

> - added rsync (via Samba?)

I used RSYNC through SSH. I had Samba configured on the last system, but 
there wasn't much need. I do use NFS to share some files. I work pretty 
fast and loose at home since the wife and kids only rely on Internet 
access.

Identity keys are needed to do this automatically.

> - added Mediatomb

That was harder than it should have been, but in the end it turned out to 
be easy. It's my Kodak wireless picture frame that can't be configured to 
start streaming pictures from Mediatomb on power-on.

> - added apache

Basic for us, we do that all the time. I dropped Drupal on it so my son 
could play webmaster.

> - might have added e-mail (Courier?)

If I put email on it would be cyrus-imap/sendmail with a web-front end as 
well so I can check while away.

> - therefore might have added spam filter (SpamAssasin?)

I'm used to scanning mail for lots of domains so I don't know what I'd do 
if it were for a few email addresses. I might choose a less resource 
intensive program like spamassassin. There are lots of niche ways to 
combat spam including special configuration of sendmail or greylisting.

Other additions are:

- Wireless access point, Linksys WRT54GL with OpenWRT flashed on it.

- Since moving into the new house (with finished basement) the kids needed 
Internet access quickly so I thought I'd try D-Link's DHP-300 
Ethernet-over-power option.


John Van Ostrand
Net Direct Inc.
 
CTO, co-CEO
564 Weber St. N. Unit 12
map
 
Waterloo, ON N2L 5C6
 
john at netdirect.ca
Ph: 866-883-1172
ext.5102
Linux Solutions / IBM Hardware
Fx: 519-883-8533

More information about the kwlug-disc mailing list