SOS, New server, topography, CentOS + Direct Admin problems...

thehoundog (Verified User, joined Jan 31, 2005, Location: Tx)
Greetings my Computer Junky Brethren,

I hope you all can help me so I don't have to take my own life, because I am about to self-combust any moment now ...

For nearly 2 years now I have leased a dedicated server from a server farm. To my knowledge in that time they have never (properly) hardened or updated the software or hardware.

So recently my "Cable Guy" ( w/Grande ) suggested that I get a static IP and run my own server for a huge savings, to say nothing of the hardware power I could pack into a local server.

So like a big fat dumb DORK, I started buying parts and have built a fantastic server on which I have loaded CentOS 3.4 and purchased Direct Admin for. No Direct Admin yet, they had problems connecting to do their install.

- Cable connection (8/1 Mbit)
- Siemens SpeedStream 10/100 router (model no. SS2604)
- New server that is very powerful (and not really the problem)
- CentOS + iptables, BFD, grsecurity, etc.

I am not a host per se, but I do have several personal projects and I do provide several friends and non-profits hosting for free, including a couple of IP-based domains.

My question:

What am I doing wrong?

1) In my topography, for example:
- I mean, I can't scrap the router for security reasons, but running the server + 2 workstations is a problem.

- What do all the other SOHO businesses do to have workstations and a web server with one connection?

2) What ports are required for minimal hosting? FTP, web, mail, etc.

3) If I define those in the router, will that make the web server work? SSHd, for example.

4) Someone called what I am doing quasi-legal. Is that right? I'm a SOHO, what gives?

5) Do I have to get another static IP address, or is the one I have sufficient?

6) What about the name servers?
- 1 is designated from my server (ns1.myserver.com)

What about #2?

Currently, with the server farm, I have an NS1 and NS2.

But what if my server goes down? I need an NS2 so people using the server can at least find a cache of the server, that way they don't think it disappeared... Right?

Please. All input is greatly appreciated...

Just note this before writing please: I am vested, I've spent the money, now making it work is the only solution, so staying on the server farm is not an option. Thank you for your understanding.

RJ
 
thehoundog said:
For nearly 2 years now I have leased a dedicated server from a server farm. To my knowledge in that time they have never (properly) hardened or updated the software or hardware.
Most companies who rent dedicated servers expect you to do it all yourself. Anyone looking for a dedicated server solution who wants their server managed needs to look for a managed server solution. Or hire an outside manager. (Yes, I'm prejudiced, because we offer both.)
So recently my "Cable Guy" ( w/Grande ) suggested that I get a static IP and run my own server for a huge savings, to say nothing of the hardware power I could pack into a local server.
He did you a huge disservice. However I understand the last sentence in your post, so I will attempt to give you usable advice.
So like a big fat dumb DORK, I started buying parts and have built a fantastic server
You have probably overbuilt. For example, an i386 processor running at 100 MHz can saturate a T-1 line, and your upstream bandwidth as stated in your post is only two thirds of a T-1. But as you say, that's done.
on which I have loaded CentOS 3.4 and purchased Direct Admin for. No Direct Admin yet, they had problems connecting to do their install.
Good choices. They most likely cannot connect because of how your router is working. More below. But for now: can you connect to any outside network from the server?
Cable connection (8/1 Mbit),
1 Mbps up isn't that great these days; for example, I have a 3 Mbps downstream, and when I download from your server I'll be pulling all your bandwidth. If your sites aren't visited much, that might work for you, but I can't help but wonder if, before you settled on 1 Mbps up, you checked with the data center where you've hosted for the last several years to see what your average upstream is now? (The 8 Mbps down is almost totally wasted; it's used only when people upload to your server, and very few of them have more than 384 kbps up.)
- Siemens SpeedStream 10/100 router (model no. SS2604)
I don't know anything about that router and I don't have time to study it, so instead I'll tell you what it must have for your solution to work:

It must have the ability to "pass through" data on the same IP# to specific ports inside your network, WITHOUT Network Address Translation (NAT). If it can't do that it won't work.

And I don't know of a single "home networking" router that can do that. If you know it can do that, then please let me know.

If it can do that, then you need to "tunnel" all the ports you need for webhosting, email, ftp, etc., through the router, from the Internet, to your new server, without changing the IP#.

Most routers can set up port forwarding but I don't know of any that can do it on the same IP#.
- New server that is very powerful ( and not really the problem),
- CentOS + IP tables, BFD, grsecurity, etc...
You're right; this is NOT the problem.
I am not a host per say, but I do have several personal projects and I do provide several friends and non profits hosting for free, including a couple IP based domains.
You won't be able to easily host IP-based domains unless you have multiple IP#s. Sure you can use something like http://192.168.2.3/domain1 and http://192.168.2.3/domain2, but you can't do that with separate domains under DA. And probably can't with any other control panel either (someone please correct me if I'm wrong).
1) in my topography for example,
- I mean, I can't scrap the router for security reasons, but running server + 2 workstations is a problem.
Unless the router will do what I've mentioned it may not work for you. You may be able to replace it with another, but the only routers I know of that can do it cost at least as much as your server.

You can get around the problem by getting multiple IP#s from your cable company (I hope they charge less than the $20/month/IP that my local cable company charges). Then you can put a switch or hub between your cable modem and your router, and connect your server OUTSIDE your internal network. Then you won't have the protection of the router for the server, but right now that protection is costing you your connectivity.
- what do all the other SOHO businesses do to have workstations and a web server with one connection ?
I can't speak for all the other businesses doing it, but my guess is most do what I'm doing, which is what I described above (except that I use aDSL rather than cable, and I don't use my connection for hosting; I do that from my systems at the nearby Level3 data center).
2) What ports are required for minimal Hosting ? ftp, web, mail, etc.
20, 21, 22, 23, 25, 53, 80, 110, 113 (some people keep 113 closed but that will cause some connection speed issues for some software), 123, 143, 443, 2222, 6277. I may have missed some; I'm not currently looking at a system, but only an old list posted on the bulletin board on the wall.
3) if I define those in the router will that make the web server work ? SSHd for example.
Only if the router can pass them through on the same IP#, and NOT use NAT on them. If the router can do that, then it should have a separate Ethernet port for that.
4) Some one called what I am doing quasi legal - is that right ? I'm a SOHO, what gives ?
Most Cable Companies have Terms of Service that don't permit what you're doing. Your cable company may allow it, but if they allow it for your SOHO, they may not allow it for any other domains other than your own. Your "cable guy" may have no idea what the legal Terms of Service are, but they're still binding.

Additionally, most cable companies won't supply you with reasonable reverse DNS, and won't allow you to do it yourself, so anyone who sees your connection and does a reverse DNS lookup on it will know you've got a cable connection. If the cable company publishes your IP# as a cable connection for which they recommend no email be accepted, you might find many other networks/ISPs won't accept email directly from your cable connection. They might even filter out all traffic on certain ports; you'll have to ask them.
5) Do I have to get another Static IP address or is the one I have sufficient ?
See everything I've written above. One static IP# for every IP-based domain, one for shared webhosting, one for each secure cert-protected site, and one for your internal network (the home network you're protecting with your router).
6) What about the name servers ?
- 1 is designated from my server ( ns1.myserver.com )

what about # 2 ?

currently, with the server farm, I have an NS1 and NS2.

But what if my server goes down, I need a NS2 so people using the server can at least find a cache of the server, that way they don't think it disappeared... Right ?
I agree with you, though these days many hosting companies don't bother, and DA makes it less than easy to automatically replicate DNS across nameservers. I don't want to say too much more because I'm in the slave nameserver business; I wouldn't want anyone to say I'm advertising my own products :) .
Please. All input is greatly appreciated...

Just note this before writing please, I am vested, I've spent the money, now making it work is the only solution, so staying on the server farm is not an option. Than you for your understanding.
All I've said notwithstanding, there are a lot of people hosting from home. Since you're not doing commercial hosting you may be able to get away with it.

Jeff
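Added example, not from either post, for question 6 (the second nameserver) and Jeff's answer to it. It shows a BIND primary on the home server and a secondary on a second machine, with the zone file's SOA timers that decide how long the secondary keeps answering after the primary disappears. example.org, 203.0.113.10 (the home server, ns1) and 198.51.100.53 (a host on a different network, ns2) are placeholders.

```text
;; Added example (not from the thread). Placeholders: example.org is the
;; hosted domain, 203.0.113.10 the home server's public IP (ns1),
;; 198.51.100.53 a second host on another network (ns2).

;; --- /var/named/example.org.zone on ns1 (the primary) ---
$TTL 3600
@    IN SOA ns1.example.org. hostmaster.example.org. (
        2005020101 ; serial: bump on every change or ns2 never reloads
        3600       ; refresh: how often ns2 checks ns1 for a new serial
        900        ; retry: re-check interval while ns1 is unreachable
        1209600    ; expire: ns2 keeps serving the zone for 2 weeks without ns1
        3600 )     ; negative-cache TTL
     IN NS  ns1.example.org.
     IN NS  ns2.example.org.
ns1  IN A   203.0.113.10
ns2  IN A   198.51.100.53
@    IN A   203.0.113.10
www  IN A   203.0.113.10
@    IN MX  10 mail.example.org.
mail IN A   203.0.113.10

// --- named.conf on ns1 (primary) ---
zone "example.org" {
    type master;
    file "/var/named/example.org.zone";
    notify yes;
    also-notify    { 198.51.100.53; };
    allow-transfer { 198.51.100.53; };  // AXFR to ns2 only; refuse everyone else
};

// --- named.conf on ns2 (secondary, on a different host and network) ---
zone "example.org" {
    type slave;
    file "slaves/example.org.zone";
    masters        { 203.0.113.10; };
    allow-transfer { none; };
};
```

Two caveats a practitioner would add. First, the secondary only buys DNS continuity: while ns1 is down, ns2 keeps resolving www.example.org for up to the expire time, so visitors get a connection error rather than "domain not found", but the site itself is still down. Second, ns2 has to be a different machine on a different connection for any of this to matter; two NS records that both point at the same box are two names with one point of failure. Both names also need A (glue) records registered with the registrar, and allow-transfer should stay limited to the secondary so the zone cannot be pulled by anyone who asks.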
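Added example, not from either post: a dry-run generator for the iptables rules behind questions 2 and 3 (which ports, and forwarding them through the router to the server). It assumes a Linux box doing the routing with the public side on eth0 and the LAN on eth1, and a server at 192.168.2.3; all of those names and addresses are placeholders. From Jeff's port list it leaves out 23 (telnet is cleartext and 22 covers remote login), opens no inbound hole for 123 (NTP) or 6277 (DCC) because the server only ever sends queries on those and the replies come back as established traffic, and turns the 113 (ident) advice into a REJECT with a TCP reset, which is what stops the connection-speed stall Jeff mentions without running an ident daemon.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run generator for the iptables
# rules a home-hosting setup needs. Placeholders (assumptions):
#   WAN side of the router = eth0, LAN side = eth1
#   server on the LAN      = 192.168.2.3
# Every rule is only echoed by default; run with IPTABLES=iptables as root
# on the router ("router") or the server ("server") to apply for real.

IPTABLES="${IPTABLES:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
SERVER_IP="${SERVER_IP:-192.168.2.3}"

# Inbound TCP services from the thread's list. 23 (telnet) is left out on
# purpose and 113 (ident) is handled separately below. 2222 is DirectAdmin.
TCP_PORTS="20 21 22 25 53 80 110 143 443 2222"
# Only DNS needs an inbound UDP hole; NTP (123) and DCC (6277) are
# client-side queries whose replies are matched as ESTABLISHED traffic.
UDP_PORTS="53"

# Router side: rewrite the public destination to the LAN server (DNAT),
# allow exactly that traffic to cross from WAN to LAN, and masquerade the
# workstations going out the other way.
router_forward_rules() {
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    for p in $TCP_PORTS; do
        $IPTABLES -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$p" \
            -j DNAT --to-destination "$SERVER_IP"
        $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SERVER_IP" \
            -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $UDP_PORTS; do
        $IPTABLES -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport "$p" \
            -j DNAT --to-destination "$SERVER_IP"
        $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SERVER_IP" \
            -p udp --dport "$p" -j ACCEPT
    done
}

# Server side: default-deny INPUT, open only the service ports, and answer
# ident probes with a TCP reset instead of silence so mail servers that
# query 113 do not sit waiting for a timeout.
# Active-mode FTP data connections (port 20) need the conntrack helper:
# "modprobe ip_conntrack_ftp" on the 2.4 kernels CentOS 3 ships,
# "modprobe nf_conntrack_ftp" on current kernels.
server_input_rules() {
    $IPTABLES -P INPUT DROP
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $TCP_PORTS; do
        $IPTABLES -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $UDP_PORTS; do
        $IPTABLES -A INPUT -p udp --dport "$p" -j ACCEPT
    done
    $IPTABLES -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

main() {
    case "${1:-}" in
        router) router_forward_rules ;;
        server) server_input_rules ;;
        *) echo "usage: $0 router|server  (IPTABLES=iptables to apply)" >&2 ;;
    esac
}
main "$@"
```

Run it with no environment set and it prints the rules instead of applying them, which is the form to paste into a forum post or diff against what a consumer router's "port forwarding" page actually did. Note that the router half is a NAT configuration: the public address stays on the router and only the listed ports are rewritten to the server, so the workstations keep the router in front of them and the server is reachable on the single static IP.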
 