Networking Linux with Windows

  • Thread starter milefile
I'm getting a machine to use as a webserver tomorrow. I have cable internet service and know I need to get a router and some cat5 wire. Other than that I'm pretty in the dark.

I have questions.

The webserver will be just that. I will still only use the Windows machine for everything else. So I am wondering things like...

If I want to upload a file to the webserver, which is in the same room as me, will the file go out over the internet and be returned through the router? Or will it just go through the router straight to the server?

Since I won't have two IPs how will the router know to which machine it should send data?

And so on.
 
You could have your router act as a DHCP server. What this means is that your router or physical IP address might be 205.65.45.16, which is provided by your ISP. Using your router as a DHCP server, it can assign each device its own private network IP address. Say in the DHCP range of IP numbers you choose 192.168.1.100~200; this will dynamically assign up to 100 different IP addresses for up to 100 different devices, starting with 192.168.1.100, then 192.168.1.101, and so on and so forth. At that point, both the Windows machine and the Linux box will be on the same private network, where the files will not transfer out of the private network for TCP/IP packet transmissions.

Let me know if this helps,

:cheers:
 
Thank you, It does.

How about this... I am hosting a website on the server and somebody wants to view it. They point their browser to the domain... how do they get to the server? Does it have to be my current PC IP. Which also brings me to another thing I've been wondering: How would DNS work for a webserver set up like this?
 
Well, since your Linux box is on a private network, let's say 192.168.1.101, the internet will not be able to see it. You now have to use "Port Forwarding" on your router so that when HTTP protocols on port 80 hit your 205.65.45.16 IP assigned by your ISP, it will be forwarded on to the private IP of 192.168.1.101 through port 80, which is where HTTP protocols reside.

As far as DNS stuff goes, you'll have to setup a DNS server or have your ISP provide you with a DNS entry on their servers where you can direct the 205.65.45.16 IP address for your domain.

I would suggest that if you don't have a static IP address, and are going to pursue hosting, get a static IP. Otherwise, you will be constantly fighting the system each time you're assigned a new dynamic IP from your ISP.
 
I might add, you could set up your own DNS on your server, and port forward on port 53, which is DNS. Set up a primary and even a secondary DNS server on your box. If your ISP will do it for you, have them also add the DNS entries on their DNS server as well, which will help with DNS propagation throughout the net.
 
And additional addition... :D

Each protocol resides on or uses a different standard port by default. Each service that you run will have to be port forwarded on your router. Check Google for a list of port numbers and services. Only open the ports as you need them. THIS IS YOUR FIREWALL ;)

:cheers:
 
Originally posted by Pako
Well, since your Linux box is on a private network, let's say 192.168.1.101, the internet will not be able to see it. You now have to use "Port Forwarding" on your router so that when HTTP protocols on port 80 hit your 205.65.45.16 IP assigned by your ISP, it will be forwarded on to the private IP of 192.168.1.101 through port 80, which is where HTTP protocols reside.

As far as DNS stuff goes, you'll have to setup a DNS server or have your ISP provide you with a DNS entry on their servers where you can direct the 205.65.45.16 IP address for your domain.

I would suggest that if you don't have a static IP address, and are going to pursue hosting, get a static IP. Otherwise, you will be constantly fighting the system each time you're assigned a new dynamic IP from your ISP.

I'm pretty sure I have a static IP. If they change it, it's only maybe once a year.

Let me make sure I follow...

I need my domain to point to my PC's existing IP. The router will recognize the HTTP request and send it to the right machine. Right?
 
Originally posted by milefile
I'm pretty sure I have a static IP. If they change it, it's only maybe once a year.

Let me make sure I follow...

I need my domain to point to my PC's existing IP. The router will recognize the HTTP request and send it to the right machine. Right?

Yes, basically. What kind of router do you have or will you use?

Let's assume it's a Linksys.

Click on Advanced, then Port Forwarding.

Basically, all you have to do is tell the router that all TCP/UDP traffic on Port 80 should be forwarded to 192.168.1.101 (assuming .101 is your web server).

You'll also have to consider SMTP, POP3, MySQL (port 3306-3340), FTP, SSH, SSL, as well as any other specialized services you might need.
 
Originally posted by milefile
I'm pretty sure I have a static IP. If they change it, it's only maybe once a year.

Let me make sure I follow...

I need my domain to point to my PC's existing IP. The router will recognize the HTTP request and send it to the right machine. Right?

Well, yes and no. Let's assume that your DNS is on 205.65.45.16 as well as 205.65.44.3 (your ISP DNS server).

Your DNS entries will be:

ns1.yourserver.com 205.65.45.16
DS1.yourispdns.net 205.65.44.3

When you register your Domain, you have to tell the domain registrar what the name servers are which are ns1.yourserver.com and DS1.yourispdns.net.

When someone requests www.yourdomain.com, the DNS servers negotiate the command and forward the packets to 205.65.45.16, which hits your router. Your router then forwards the packets on to 192.168.1.101 because of the port 80 forwarding that you have set up on your router.

:) Simple as pie!
 
Configurable as a DHCP server or client for your network, the EtherFast® Cable/DSL Router with 8-Port Switch acts as the only externally recognized Internet gateway on your local area network (LAN). The EtherFast® Cable/DSL Router can be configured via SNMP to filter internal users’ access to the Internet and serve as an Internet firewall against unwanted outside intruders.

Looks like it will work. And being a Linksys, I'm sure the IOS has port forwarding...
 
Originally posted by milefile
Right now both of my domain name servers are the same. Why would they end up being different? Sorry if I seem a little slow :dopey:

The more DNS servers the better. Thinking geographically, the more spread out the DNS servers are, the more redundant access to your domain will be.

You could have just one name server, or you could have six specified.
 
Originally posted by Pako
The more DNS servers the better. Thinking geographically, the more spread out the DNS servers are, the more redundant access to your domain will be.

You could have just one name server, or you could have six specified.

Ah... I see. I wasn't aware of that.
 
The only thing that I'm not aware of is... if port forwarding on that IP address is sent to 192.168.1.101, then will 192.168.1.100 (the Windows machine) have browser access? This I don't know. My first feeling is that you only have one IP address... Hummm, also, I would have to assume that port 80, by default, is sent to all private IPs on the Linksys routers. You may not have to port forward. :) I would assume, let's say, that a request for an HTTP page is made, and the DNS servers direct it to your IP (now your router's IP address). The router should broadcast that request to all eth ports on the router. Once the ARP tables have been updated, the MAC address on the web server should serve as the identifying resource so that the request actually ends up at the Linux box and not the Windows machine.
 
If an HTTP request got to the Windows machine with no webserver on it, or if it was off or something, it would just be ignored and die right there, right? And the one to the Linux machine would be answered...? Seems to make sense anyway.
 
Layer Three protocols depend on IP addresses; at layer two, your MAC address of the NIC card carries the torch. I'm really trying to stretch my brains here, but if I remember, ARP tables are stored by the router, which contain MAC addresses and how they relate to IP addresses. In that case, the router should know which private IP to send the HTTP request to.
 
Yep, if it gets to the Windows machine, it will respond "Not Mine" and the packet gets forwarded on to the next IP address. When the Linux server responds, the ARP table gets updated, so the next time a request is sent, it will go directly to the Linux box, without ever looking at the Windows machine. This was developed to reduce unneeded network traffic and to also reduce response time.
 
Linux user to the rescue!
You can have it go both ways, either only through the router, or through the internet as well. If you wish to go only through the router, then use that computer's local IP address, then you can upload your file to the Linux box as fast as your network card and your PC will allow it to go. If you wanted to go through the internet (there are reasons, such as wanting to test out submission forms to see if it'll accept files from computers outside its network, etc.), then you could use its world-wide URL or your hub's global IP address.

As mentioned before, you will need to forward ports. I have the 4-port model of that Router, and there are a few catches for forwarding port numbers, well mostly one catch:
There is a specific limit of how many RANGES of port numbers you can forward. This means that port no. 21 would count as one range, just as ports 3306-3340 would count as one range.

As to whether or not the Windows machine will have browser access: Yes.
In my house, I have 3 computers hooked up to our network. All three can be browsing at once. The only time you would have a problem is if you have something like, let's say, two Apache servers (could be any two servers, but follow...) that are listening at port, or let's say 80, because it's the default. If you have two programs that are something like MySQL or Apache servers, in order to have both of them work, I think you would have to compromise and have one change its port number from 80 to another one, and then you could forward one port to one computer and another port to the other computer.
When working with servers and ports, however, STICK WITH THE DEFAULT PORT NUMBERS! If you choose to have your FTP port number as 80 and your HTTP port as 21, all of the people are going to try to http your FTP server and FTP your http server, which won't work.

If you have any questions about Linux or networking, feel free to email me or PM me. That goes for both of you:P.

Now, I'm not saying that I can answer all of your questions, but I've gathered quite a bit of experience:D
8^D
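The forwarding behaviour discussed above, as an added example that is not part of any original post and not Linksys firmware: a simplified model of the router's translation table. The addresses are the thread's own examples; port 8080 for a second web server and the translated source port range are assumptions, and real NAT also tracks the remote endpoint of each session.

```python
WAN_IP = "205.65.45.16"  # the thread's example ISP-assigned address

class Router:
    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.forwards = {}       # (proto, wan_port) -> (lan_ip, lan_port): static rules
        self.sessions = {}       # (proto, wan_port) -> (lan_ip, lan_port): outbound traffic
        self.next_port = 40000   # constructed start of translated source ports

    def forward(self, proto, wan_port, lan_ip, lan_port=None):
        """Static port-forwarding rule, as entered on the router's admin page."""
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port or wan_port)

    def outbound(self, proto, lan_ip, lan_port):
        """A LAN host opens a connection: the source is rewritten to the WAN
        address and the router remembers which host owns the translated port."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port)] = (lan_ip, lan_port)
        return (self.wan_ip, wan_port)

    def inbound(self, proto, dst_port):
        """Packet arriving from the internet: a reply matches a session, a new
        connection matches a forward rule, anything else is dropped (None)."""
        key = (proto, dst_port)
        return self.sessions.get(key) or self.forwards.get(key)

def demo():
    r = Router(WAN_IP)
    r.forward("tcp", 80, "192.168.1.101")            # Linux web server
    r.forward("tcp", 8080, "192.168.1.100", 80)      # hypothetical second server
    web = r.inbound("tcp", 80)                       # visitor requesting the site
    second = r.inbound("tcp", 8080)
    src = r.outbound("tcp", "192.168.1.100", 51000)  # Windows machine browsing
    reply = r.inbound("tcp", src[1])                 # the answer finds its way back
    telnet = r.inbound("tcp", 23)                    # no rule, no session: dropped
    return web, second, reply, telnet
```

Each public port maps to exactly one private host, which is why two servers cannot share port 80 behind one address, and any port without a rule or a session is simply not reachable from outside.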
 
Here's a fairly decent port assignment listing:

http://www.iss.net/security_center/advice/Exploits/Ports/

And rjensen11, might just have to take you up on that offer. :-)

~cheers

Perhaps you could start by offering a link to a good list of chmod access numbers, like chmod 777 filename for giving full rights to that particular directory/file. But what do all the numbers stand for.. ?

:cheers:
 
Originally posted by Pako
...
But what do all the numbers stand for.. ?
For CHModding, each digit represents a different use group. The first digit is for the owner of the system, the second digit is for a specific user GROUP*, and the third digit is for Public.

To have the user be able to execute, the value is 1
To have the user be able to write to the file, erase, or re-write the file, The value is 2
To have the user be able to read the file, the value is 4.

If you wish to have a combination of access rights, then add the values together, so if you wish to have the public be able to write and execute, CHMOD the file/folder 3 (because execute has a value of 1, and write has a value of two {1+2=3}). If you wish to have the user be able to read and execute, give the value a 5 (1+4); if you want to give complete access for read, write, and executing, then 7 (4+2+1=7). Keep in mind that when you have something such as an FTP server, you will NEVER want to give the WRITE permission to the public, because that could be devastating!

*GROUP: A group is a band of users, often on either a LAN (think Corporate) or on a single machine. Often, groups can be set up by the Root, Super User, or Owner, pretty much all the same thing in terms of what the computer thinks of the head honcho. Groups are defined in lists, which usually are only accessible by the system and the root. Groups can also be used for servers such as FTP servers, where people that log in can all have different access rights. One user might be his own group and only have access writes for one folder. Twenty users could be another group that only have access to one folder. Then five people could be another group, and have just as many permissions as the owner.
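The digit arithmetic described above, plus a check for the "never give WRITE to the public" rule, as an added example that is not part of the original post. The file names and the temporary directory tree are constructed for the demonstration.

```python
import os
import stat
import tempfile

CLASSES = ("owner", "group", "public")

def decode(mode):
    """Split an octal mode such as 0o754 into per-class permission lists."""
    digits = [(mode >> shift) & 0o7 for shift in (6, 3, 0)]
    names = ((4, "read"), (2, "write"), (1, "execute"))
    return {cls: [n for bit, n in names if d & bit]
            for cls, d in zip(CLASSES, digits)}

def world_writable(root):
    """Return paths under root whose 'public' digit includes write (2)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            if st.st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Build a constructed web/FTP tree and audit it for public write access."""
    layout = (("index.html", 0o644), ("upload.cgi", 0o755), ("incoming", 0o777))
    with tempfile.TemporaryDirectory() as root:
        for name, mode in layout:
            path = os.path.join(root, name)
            if name == "incoming":
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)  # chmod sets the mode exactly, ignoring the umask
        return world_writable(root)
```

Pointing `world_writable()` at a real document root or FTP directory lists every entry that anyone on the system can modify.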
 
As it turns out, my web server wasn't quite ready. Looks like my uncle-in-law is going to come over next weekend to help me set it up. But I have to say that after seeing it in action I know I will have to replace it soon. The computer is too slow to run any type of GUI and this is why I'll probably need help setting it up. I'll also be talking to it through telnet, which is a mystery to me.

I got the router over the weekend and will be hooking up my windows machine this week. I'm glad to hear you can forward ports because I was looking forward to actually hosting my site and not just using it for testing scripts. From what I understand my ISP disables port 80, which I didn't know until after I bought it.

I was told about a local electronics store that sells a decent computer with Linux installed for less than two hundred bucks. Eventually I'm going to pick up one of those. Maybe next month.

So for now I'm still using PE hosting, which works great, unless you want the administration/networking experience as well, which I do.

Seems more and more like every day is a crash course in something. It's funny to think that I didn't even own a computer three years ago.
 
milefile,

Awesome!

Just a little note about Telnet sessions to administer your Linux box... Usernames and passwords are sent in plain text... If you're on a private network that's not a big concern, but if you're NOT on a private network, I would consider using SSH, which is an encrypted application that works much like telnet. For Windows, you can download putty.exe, which is an SSH client program for remote user prompt access to the command line of your Linux box. Think of telnet or SSH as a virtual terminal to the command prompt of another computer. This gives you ~Full~ control given the proper username/password.

##########################################

rjensen11,

Thanks for that in-depth look into CHMOD.

:cheers:
 
Yep, no problem about the CHMOD.

What type of machine are you using for your server? How fast is its processor? Mine is 200 MHz and can run Apache well enough. I use Slackware, and the thing with that is that it doesn't rely on any GUI. Sure, if you want to, you can use one, but it boots up into text mode, kind of like the old machines booting into DOS, then you could manually start Windows 3.1 or 95. Most server programs, such as Apache, aren't reliant on GUIs, especially if all or most of your commands are done remotely. You can get Slackware at www.slackware.org

One or two things while installing:
First: Make sure you read up on how to use fstab, which is the formatting program Linux uses. What I ended up doing was having a swap partition 3x the size of my RAM (so it was 192MB swap space), then I mounted my second hard drive (hdb) as my /home directory, so all of my personal settings and files are stored on that hard drive. So what you could do is have one partition set up for your /var directory, or if you have many hard drives, you could have one hard drive be mounted as your FTP space, then another as your HTTP space, etc.

Plus, another benefit of using Slackware is that it's what most Linux users say is the best distro to start out with. That's because you understand more of what your system is doing and you also have more control over where and how programs (packages) are installed. Everyone that I've discussed with on Linux forums says it's much easier to go from Slack to another distro than any other distro to Slack.
 