(r3) LacieSystemSetup
---++ System setup

---+++ Create users and groups

For some services it is best to create users and groups with the same numeric IDs as you use on the desktop. Use the =id= program on your desktop to obtain the UID and GID. For example, running =id= on my desktop returns:

<verbatim>uid=1000(petr) gid=1000(petr) skupiny=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),111(netdev),115(powerdev),1000(petr)</verbatim>

That means I have to create the group petr with GID 1000:

<verbatim>addgroup --gid 1000 petr</verbatim>

And then the user petr with UID 1000 in the group petr:

<verbatim>adduser --uid 1000 --gid 1000 petr</verbatim>

Repeat this for all your users.

---++ Recommended software

---+++ FTP server - [[http://vsftpd.beasts.org/][vsftpd]]

I tested various FTP servers in Debian and got the best results with [[http://vsftpd.beasts.org/][vsftpd]].

---++++ Installation

Because vsftpd is included in Debian, installation is very simple:

<verbatim>aptitude install vsftpd</verbatim>

---++++ Configuration

---+++ UPnP multimedia server - [[http://mediatomb.cc/][Media Tomb]]

---++++ Installation

Mediatomb is also included in Debian:

<verbatim>aptitude install mediatomb-daemon</verbatim>

---++++ Configuration

---+++ File sharing: BitTorrent, Donkey, Gnutella... - [[http://mldonkey.sourceforge.net/][MLDonkey]]

---++++ Installation

---++++ Configuration

---++++ GUI: [[http://www.kmldonkey.org/][KMLDonkey]]

---++ Firewall setup

---+++ Bridged connection

This is the setup I use, so its description is more detailed. My network configuration is shown below:

<verbatim>
            switch                      WiFi
            _______         _____
   ISP ----| VLAN1 | eth0  |     | eth1  \|/ . . . . . . NTB1
           | ~~~~~ |-------| br0 |--------|  . .
EDMini ----|       |       |_____|        |  . . . .
           |   V   |                      .    . . . NTB2
   PC1 ----|   L   |                      .
           |   A   |                      .
   PC2 ----|   N   |                      . Nokia N95
           |   0   |
   PC3 ----|_______|
</verbatim>

I use a switch which is able to tag packets according to the incoming port. It is configured to distinguish between traffic from outside my network (ISP) and my home network traffic. All networks (vlan0, vlan1 and eth1) are bridged together, as my ISP provides enough IP addresses. I consider my network secure, as the WiFi is protected by WPA2, and anyone who is able to hack the cable connection can just as easily grab the computers. Because some services I use don't support password protection, filtering is required. It can be done using ebtables. The command scheme is as follows:

<verbatim>ebtables -I FORWARD -i __INCOMING_INTERFACE -p IPv4 --ip-protocol __PROTOCOL --ip-destination-port __PORT_NUMBER -j DROP</verbatim>

where
   * __INCOMING_INTERFACE is where the ISP is connected - vlan1 in my case.
   * __PROTOCOL is the transport layer protocol - tcp, udp, sctp etc.
   * __PORT_NUMBER is the service port number

For example, I can filter NFSv4 with the following command:

<verbatim>ebtables -I FORWARD -i vlan1 -p IPv4 --ip-protocol tcp --ip-destination-port 2049 -j DROP</verbatim>

---+++ Routed connection

In the case of a routed connection, use iptables. The commands will look like this:

<verbatim>iptables -I FORWARD -i __INCOMING_INTERFACE -p __PROTOCOL --dport __PORT_NUMBER -j REJECT</verbatim>

where
   * __INCOMING_INTERFACE is where the ISP is connected.
   * __PROTOCOL is the transport layer protocol - tcp, udp, sctp etc.
   * __PORT_NUMBER is the service port number

---+++ Filtering on EDMini

If you want to do the filtering on the EDMini itself, use the following command to reject all packets except those originating from __ALLOWED_IP:

<verbatim>iptables -I INPUT -i __INCOMING_INTERFACE -s ! __ALLOWED_IP -p __PROTOCOL --dport __PORT_NUMBER -j REJECT</verbatim>

where
   * __INCOMING_INTERFACE is where the ISP is connected.
   * __ALLOWED_IP packets from this IP will not be rejected
   * __PROTOCOL is the transport layer protocol - tcp, udp, sctp etc.
   * __PORT_NUMBER is the service port number

---+++ Services protocols and port numbers

   * NFSv4: TCP 2049
   * UPnP Media Server (mediatomb):
   * SSH server (dropbear): TCP 22
   * MLDonkey Web Interface: TCP 4080
   * MLDonkey GUI Interface: TCP 4001
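
The bridged and routed command schemes from the firewall section, applied to a whole list of services at once. This is an added example, not part of the original page; the function name =gen_rules=, its arguments and the =proto/port= list format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): print, but do not run, the
# filter rules for a list of proto/port pairs on the ISP-facing interface.
# gen_rules MODE IFACE "proto/port ..."   MODE: bridged (ebtables) | routed (iptables)
gen_rules() {
    mode=$1 iface=$2 services=$3 out=

    case $mode in
        bridged|routed) ;;
        *) echo "bad mode: $mode" >&2; return 1 ;;
    esac
    # The interface name ends up on a command line: no leading dash, safe chars only.
    case $iface in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    for svc in $services; do
        proto=${svc%%/*} port=${svc#*/}
        case $proto in
            tcp|udp|sctp) ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$svc'" >&2; return 1
        fi
        if [ "$mode" = bridged ]; then
            rule="ebtables -I FORWARD -i $iface -p IPv4 --ip-protocol $proto --ip-destination-port $port -j DROP"
        else
            rule="iptables -I FORWARD -i $iface -p $proto --dport $port -j REJECT"
        fi
        out="${out}${rule}
"
    done
    # Nothing is printed unless every entry validated, so a typo in the list
    # cannot leave a partial rule set behind.
    printf '%s' "$out"
}

# Constructed sample input: three of the TCP ports from the services list.
gen_rules bridged vlan1 "tcp/2049 tcp/4080 tcp/4001"
```

Review the printed commands before running them as root on the machine that does the bridging or routing.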
powered by the community. 28th October 2008.