Monday 7 April 2008

Installing a CentOS firewall & mail/web/file server

Hardware


I bought a nice 1.5GHz Pentium box from Tranquil PC. It has a 250GB disk, and 3 Ethernet ports (one of which is Gigabit). It has no fans, and is almost completely silent (I can just about hear the hard disk running if I am within 1 metre of the box, on a quiet night).

Network


I have 3 networks in the 192.168 range. One is for the ADSL router and anyone borrowing my Internet connection (the unsafe network). I then have two internal company networks, a Gigabit one to my main work machine, and another for all the other machines and printers.


Software


I installed CentOS 4 Linux on it. Then I added Bill Shupp's Qmail Toaster to provide a complete email solution.

DNS


I have set up the BIND DNS server to provide 3 DNS views:

  • Queries from the Internet return my fixed IP address for all public-facing host names.
  • Queries from my neighbours return local IP addresses for all public-facing host names, and for the ADSL router.
  • Queries from the unsafe network return local IP addresses for all public-facing names, and also resolve names for every machine on all the networks.

Working out how to do this took a while. In the end, I subscribed to O'Reilly Network Safari Bookshelf, which lets you read most of their publications online, and I read "DNS & BIND Cookbook" by Cricket Liu. This helped a lot, and is far more informative than the BIND manual. Here are the config files.
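A small Python model of how BIND chooses between views like the three above, added here as an illustration; it is not the post's named.conf, and the network ranges, host names and addresses in it are assumptions (the third view is taken to be the one serving the work networks). BIND evaluates views in the order they appear in named.conf and answers from the first one whose match-clients list covers the querying address, so the catch-all Internet view must come last; the model makes that ordering hazard visible, since a catch-all placed first would hand every client the public answers and hide the internal names from the very machines that need them.

```python
# Added example: a model of BIND split-horizon views, not the post's config.
# Network ranges, host names and addresses below are assumptions.
from ipaddress import ip_address, ip_network

# Assumed address plan: the post only says "3 networks in the 192.168 range".
UNSAFE_NET = ip_network("192.168.0.0/24")     # ADSL router and neighbours
WORK_NET = ip_network("192.168.1.0/24")       # other machines and printers
GIGABIT_NET = ip_network("192.168.2.0/24")    # link to the main work machine
ANY = ip_network("0.0.0.0/0")                 # BIND's match-clients { any; }

PUBLIC_IP = "203.0.113.10"                    # fixed IP seen from the Internet
SERVER_UNSAFE_IP = "192.168.0.2"              # server's address on the unsafe LAN

# Zone data each view serves, name -> address (constructed sample data).
PUBLIC_ZONE = {"www.example.com": PUBLIC_IP, "mail.example.com": PUBLIC_IP}
NEIGHBOUR_ZONE = {
    "www.example.com": SERVER_UNSAFE_IP,
    "mail.example.com": SERVER_UNSAFE_IP,
    "router.example.com": "192.168.0.1",
}
WORK_ZONE = dict(NEIGHBOUR_ZONE, **{
    "bigbox.example.com": "192.168.2.10",     # main work machine
    "printer.example.com": "192.168.1.20",
})

# View list in evaluation order, equivalent to this named.conf order:
#   view "work"       { match-clients { 192.168.1.0/24; 192.168.2.0/24; }; ... };
#   view "neighbours" { match-clients { 192.168.0.0/24; }; ... };
#   view "internet"   { match-clients { any; }; ... };
VIEWS = [
    ("work", [WORK_NET, GIGABIT_NET], WORK_ZONE),
    ("neighbours", [UNSAFE_NET], NEIGHBOUR_ZONE),
    ("internet", [ANY], PUBLIC_ZONE),
]


def select_view(client_ip, views=VIEWS):
    """Return the name of the first view whose match-clients covers client_ip."""
    addr = ip_address(client_ip)
    for name, clients, _zone in views:
        if any(addr in net for net in clients):
            return name
    return None  # named would refuse the query; cannot happen while 'any' is last


def resolve(client_ip, qname, views=VIEWS):
    """Answer qname from the zone data of the view selected for client_ip.

    None models NXDOMAIN: the name does not exist in that view's zone data,
    which is how internal names stay invisible to Internet and neighbour clients.
    """
    addr = ip_address(client_ip)
    for _name, clients, zone in views:
        if any(addr in net for net in clients):
            return zone.get(qname)
    return None


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.0.50", "192.168.2.10"):
        print(client, select_view(client), resolve(client, "www.example.com"),
              resolve(client, "printer.example.com"))
    # Putting the catch-all view first hands every client the public view.
    print(select_view("192.168.2.10", views=[VIEWS[2], VIEWS[0], VIEWS[1]]))
```

The same first-match rule is what makes the "neighbours" view safe: a query from the unsafe network never reaches the work view's zone data, so printer and workstation names are not disclosed to guests even though the server is reachable from their network.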

DHCP


I set up the DHCP server to provide DHCP addresses for all my networks. Fixed addresses are provided for most of the machines on the work networks. WPAD (Internet Explorer automatic proxy configuration information) is also provided, using a wpad.dat file on the web server. When it allocates a non-fixed address (for my work laptops, or for visitors), DHCP updates the work DNS zones. This means I can address any machine by name from within my work networks.

Web proxy


I set up the Squid web proxy to provide proxy services for all the internal networks.

File server


I set up Samba to provide a large backup directory for all my Windows machines on the work networks only. For the main machine, connected via Gigabit Ethernet, this provides a very fast backup disk. I use Drive Snapshot to make backup images. I also use Unison, run from the Windows scheduler, to keep additional backups of important files.

Mail server


Bill's qmail toaster talked me through installing qmail (an improved mail server), vpopmail (makes it easy to handle mail for more than one domain), courier-imap (IMAP and POP servers), SquirrelMail (webmail), SpamAssassin (anti-spam), Clam anti-virus, and a few other bits and pieces to glue it together. I also use fetchmail to collect my trumphurst.com email from SpamCop and feed it into the system. SpamCop does detect and trash about 2000 spam emails sent to my trumphurst.com addresses each day, but it still lets through a hundred or so. I use the Bayesian filters in SpamAssassin to get rid of these.

LogWatch


CentOS comes with a program called LogWatch installed, which goes through the numerous log files generated daily by almost everything in Linux, and emails the root user with a summary of the important stuff. This works really well, except that the version of LogWatch installed with CentOS doesn't cope well with the multilog log file output favoured by qmail. Upgrading to the latest version from logwatch.org fixes this (and quite a few other minor inconveniences).
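The reason the stock LogWatch struggles is that multilog does not write a syslog-style date at all: each line starts with a TAI64N label, an "@" followed by 16 hex digits of seconds on the TAI64 scale and 8 hex digits of nanoseconds, so a parser expecting "Apr  7 10:00:00 host daemon:" finds nothing it recognises. The Python decoder and event counter below is an added example, not code from the post or from LogWatch; the qmail-send log lines are constructed, and the timestamp conversion assumes no leap-second table, removing only 2^62 and the ten seconds by which TAI led UTC at the 1970 epoch (which is also all that daemontools' tai64n adds to the system clock when it writes the label).

```python
# Added example: decoding qmail multilog (TAI64N) output and counting events
# the way a LogWatch service script would. Not the post's code; log lines are
# constructed; leap seconds after 1972 are assumed not to be applied.
import re
from collections import Counter
from datetime import datetime, timezone

TAI64_EPOCH = 1 << 62          # TAI64 label of 1970-01-01 00:00:00 TAI
TAI_UTC_OFFSET_1970 = 10       # seconds TAI led UTC when the Unix epoch started

LABEL_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8})$")
LINE_RE = re.compile(r"^(@[0-9a-f]{24}) (.*)$")
# qmail-send event types worth counting; alternation is anchored, so the
# bare "delivery" branch cannot swallow "starting delivery".
EVENT_RE = re.compile(r"^(new msg|info msg|starting delivery|delivery|end msg)\b")

# Constructed sample of qmail-send output under multilog (@label + message).
SAMPLE_LOG = """\
@4000000047f94b0a075bcd15 new msg 4821
@4000000047f94b0a0a1e3c00 info msg 4821: bytes 1532 from <alice@example.com> qp 7712 uid 89
@4000000047f94b0b00f4a200 starting delivery 1: msg 4821 to local example.com-bob@example.com
@4000000047f94b0b02c38f00 delivery 1: success: did_0+0+1/
@4000000047f94b0b02d5a000 end msg 4821
@4000000047f94b0c000a1b00 starting delivery 2: msg 4830 to remote carol@example.net
@4000000047f94b0e1f0c9a00 delivery 2: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
""".splitlines()


def tai64n_to_unix(label):
    """Convert an '@'-prefixed TAI64N label to (unix_seconds, nanoseconds)."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError("not a TAI64N label: %r" % (label,))
    secs = int(m.group(1), 16) - TAI64_EPOCH - TAI_UTC_OFFSET_1970
    return secs, int(m.group(2), 16)


def parse_multilog(lines):
    """Yield (utc datetime, message) for each multilog line; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # syslog-style or blank line: not ours
        secs, nanos = tai64n_to_unix(m.group(1))
        when = datetime.fromtimestamp(secs, tz=timezone.utc)
        when = when.replace(microsecond=min(nanos // 1000, 999999))
        yield when, m.group(2)


def summarise(lines):
    """Count qmail-send events, plus failed deliveries, from multilog lines."""
    counts = Counter()
    for _when, msg in parse_multilog(lines):
        m = EVENT_RE.match(msg)
        if m:
            counts[m.group(1)] += 1
        if msg.startswith("delivery") and ": failure:" in msg:
            counts["delivery failures"] += 1
    return counts


if __name__ == "__main__":
    for when, msg in parse_multilog(SAMPLE_LOG):
        print(when.isoformat(), msg)
    for event, n in sorted(summarise(SAMPLE_LOG).items()):
        print("%-20s %d" % (event, n))
```

Feeding the decoded (timestamp, message) pairs to an ordinary date-range filter is exactly the step the CentOS-era LogWatch lacked for qmail; once the label is turned into a real time, the usual "yesterday's entries only" selection and per-service counting work unchanged.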

Webmin


I did toy with webmin, but I found it didn't work well with my virtual server setup in Apache, it didn't seem to understand the views I set up in BIND, and I generally felt it wasn't sufficiently flexible to cope with my requirements.
