Re: Linux or BSD alternative to Windows Home Server



On Sun, 02 Sep 2007 22:27:48 +0000, dh003i wrote:
<snip>

My questions were about Gentoo vs. Linux for a server, and the relative
merits of each. Maybe I should re-state them more clearly:

Caveat: I'll answer your specific questions in more detail below. Keep in
mind that I am not using Gentoo, or any of the BSDs. I use Slackware
Linux (most recently, Slackware version 12.)

1. How does fBSD stack up in security vs. oBSD for my purposes? (and
also vs. Gentoo?) I will probably eventually have a dedicated firewall
box (replacing the wireless router) between the cable modem and the
server, like this

Sorry, I can't advise you because I don't use any of the BSDs. The BSD
firewall code is well regarded, but there are only so many hours in the
day. I came to GNU/Linux from Windows, and its firewall features
(especially IPTables) have been sufficient for my needs. BTW, I learned
almost nothing when using Windows. I only realized there was more to learn
upon switching to GNU/Linux. The guides and howtos at the Linux
Documentation Project are how I got started.


[Cable modem] <=> [Wireless Router] or [dedicated firewall] <=> [Home Server] <=> [Wireless Router] <=> [Laptops]

2. Are there any benefits to having multiple firewalls in place in
serial...e.g., right now, I have 2 wireless routers in serial; if I
get a dedicated firewall box, I would have 1 dedicated firewall and 2
router firewalls in serial (possibly). Or is this just useless?

It depends on your design requirements. Multiple firewalls are most often
deployed to isolate more trusted resources from less trusted resources.
For example, if you were to have a file server which is accessible
to users on the internet, then it is probably wise to isolate that server
from the local network. A primary firewall could be used to regulate
overall incoming traffic to a group of servers. Simple servers can
regulate their own traffic. In your case, some entries in your block
diagram might be combined.

I don't know the specifics of your setup, but I think this is an alternate
topology to consider:

               +- GNU/Linux Server (Built in firewall)
               |
[Cable modem] -+- [Wired/Wireless Router ] <=> Laptops, Workstations, etc.

This assumes that your cable modem is using NAT to hide a local network
on its LAN side (say, 192.168.0.0/24). You should be able to access and
administer your GNU/Linux server through the common connection (network)
provided by the cable modem. In this case, set up the cable modem to do
port forwarding for the specific service ports. From there, the GNU/Linux
server will deal with the specific requests it receives, and can
begin handling them using an IPTables ruleset. An example of a
useful IPTables rule is to set up rate limiting on ssh, which discourages a
lot of casual attacks.


4. I've since learned that FreeBSD and Gentoo support 64-bit processors
fine. However, what about the server applications? (This is again
something I learned nothing about, as I am still using just 32-bit
processors; I figure my server will be 64-bit).

My systems don't have enough memory to worry about whether they are 32 or
64-bit. Some major distributions have versions which have been
precompiled for 64-bit. There is starting to be more interest in 64-bit,
but RAM is a limiting factor for a lot of systems. 32-bit systems have
quite a bit of life remaining, IMO.

5. One of my forward-looking concerns is scalability & ability to
upgrade: possibility to upgrade to numerous HD, multiple CPUs, multiple
GPUs, RAM, etc. Thus, my concerns here are the limits in Linux and BSD
on hard-drive space recognizable, and RAM recognizable.

It would be nice. However, almost every new generation of motherboards
requires wholesale replacement of the CPU, memory, motherboard, and
possibly the case and power supply also. If cost is no object, then the
sky is the limit. Personally, cost is an object for me. I try to keep cost
in check. For example, I have just started upgrading the P-III
architecture boards which I have used up until now. The Intel Core 2
architecture offers a 10x to 100x performance boost. I think I have
probably saved a lot of money waiting for a compelling upgrade. I foresee
that the new Core 2 boards that I am rolling out will have a long life,
too.

6. I'm aware that I could probably create scripts to regularly backup
certain files, and use BASH shell commands to specify a schedule for
such; but I was wondering if there were utilities for this. And also,
streaming of photos or video or music to the TV or stereo system? Is
that possible?

Making backups is a big topic in itself. It can be easy, or it can be
relatively complex. People tend to roll out solutions which "fit" their
needs. One solution that I often recommend is to take a snapshot using an
external disk, either to the storage on another network computer, or
directly to an external disk (USB 2.0). I see that a lot of people on
these groups recommend Amanda, and similar programs. The goal of these
programs is to provide a self-booting backup set.

I have no experience with streaming. I know that any two computers are
free to communicate over the network. The network apps you want probably
exist. I administer, send/receive files, run applications, etc. all using
ssh.

7. Finally, the nicest backup features of WHS that I saw were
incremental backups, and efficient single copy backup. If a file's
already backed up, it only backs up changes; likewise, storing only 1
copy of the same file as a backup, if there are multiple copies of that
file in the home network. Are there utilities in BSD or Linux to do
this?

Incremental backups can be easy or hard, too. In the simplest case, you
only need to compare two file listings and look for differences. Changed
files are selected for backup. Use the backup tool of your choice; I often
use tar.

For more complex cases, where files may be open which are being backed
up, then more advanced tools are probably required. Newer Windows versions
have the ability to create automatic snapshots in the background, and
somehow track versions for you. The facility most similar to this in
GNU/Linux, AFAIK, is the Linux kernel's device mapper facility.

More info about Device Mapper...
I did some experiments recently with device mapper snapshots. This
article is a good starting point:
http://linuxgazette.net/114/kapil.html

BTW, a lot of the facilities provided by LVM v2 are really a higher level
interface to device mapper. Using LVM v2 is probably more appropriate
than using device mapper directly. LVM handles the details of setting
up device-mapper's targets. The snapshot-origin target allows a file
to be backed up in a prior fixed state, while it is allowed to be
changing at the same time in another view. However, I noticed significant
performance degradation in my simple tests when using the snapshot-origin
target. A quick google shows that the kernel developers are aware of this
problem and are working on changes to the kernel IO design which will
address the problem and simplify the IO architecture to avoid corner
cases. I think that I noticed the speed problem because I have become
accustomed to speedy file transfers, even when using journalling file
systems, such as XFS, and other device mapper targets, such as dm-crypt.
Also, device mapper's snapshot does not suffer the same performance
degradation as snapshot-origin.

In short, I am impressed with the work which has been done building the
framework on the Linux kernel. Windows may offer similar features, but as
I said earlier, I choose both free (price) and freedom (free to utilize
as I see fit).

--
Douglas Mayne
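
The ssh rate limiting mentioned in the post can be done with the iptables "recent" match. This is an added example, not part of the original post; the port (22), the window (60 seconds), the hit count (4), the list name and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: rate-limit new SSH connections with the iptables "recent"
# match. Port, window and hit count are assumed values, not from the post.
SSH_PORT=22
WINDOW=60        # seconds
HITS=4           # must not exceed xt_recent's ip_pkt_list_tot (default 20)
LIST=ssh_rl      # name of the per-source tracking list (illustrative)

# Emit the rule arguments, one rule per line, in the order they must load.
ssh_ratelimit_rules() {
    new="-p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name $LIST"
    # 1. Packets of sessions that were already accepted are never counted.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. A source with HITS or more attempts inside WINDOW is dropped; --update
    #    also refreshes its timestamp, so it stays blocked while it keeps trying.
    echo "-A INPUT $new --update --seconds $WINDOW --hitcount $HITS -j DROP"
    # 3. Otherwise record the attempt and let it through.
    echo "-A INPUT $new --set -j ACCEPT"
}

# Print the commands by default; run them only when called with "apply" (root).
load_rules() {
    ssh_ratelimit_rules | while read -r rule; do
        if [ "${1:-}" = "apply" ]; then
            iptables $rule          # unquoted on purpose: split into arguments
        else
            echo "iptables $rule"
        fi
    done
}

load_rules "${1:-}"
```

Rule order matters: the DROP check has to come before the rule that records and accepts the attempt, otherwise every new connection is accepted before it is ever counted against the limit.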

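
The simple incremental backup described in the answer to question 7 (compare two file listings, back up what changed with tar) can look like the following. This is an added example, not part of the original post; the function names and the state-directory layout are assumptions, and the listing uses SHA-256 checksums (GNU sha256sum) rather than timestamps so a changed file is caught even if its mtime was reset.

```shell
#!/bin/sh
# Added example: incremental backup by comparing two file listings.
# Function names and the state-directory layout are illustrative.
# Limits: deleted files are not recorded; file names containing newlines
# are not supported. Keep the state directory outside the source tree.

# One line per file, "<sha256>  ./path", byte-sorted so listings compare cleanly.
make_listing() {        # $1 = directory to back up
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# Paths whose line appears only in the new listing: new or modified files.
changed_files() {       # $1 = old listing, $2 = new listing
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^[0-9a-f]*  //'
}

# Archive the changed files and print how many there were.
incremental_backup() {  # $1 = source dir, $2 = state dir, $3 = output tar
    old="$2/listing"
    new="$2/listing.new"
    [ -f "$old" ] || : > "$old"     # first run: every file counts as changed
    make_listing "$1" > "$new"
    changed_files "$old" "$new" > "$2/changed"
    if [ -s "$2/changed" ]; then
        # Keep the old listing if tar fails, so the next run retries the files.
        tar -C "$1" -cf "$3" -T "$2/changed" || return 1
    fi
    mv "$new" "$old"
    wc -l < "$2/changed"
}
```

Restoring means unpacking the first (full) archive and then each incremental archive in the order it was created.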
