I have a question about servers

Tech questions and answers, video game stuff.

Moderator: ElTaco

Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

I am thinking about setting up a server at home for several people who work for me to access files from their remote computers, as well as allowing me access to files when I travel. Right now, I have a home network of 4 computers that is secured. I only want this new server to have access available on line, I don't necessarily need to wire in the home network to it, since 2 of the computers are not used in the business.

I was wondering if I could set it up on the current network (I have three hardwired slots open on the router) and what software I could use to set up a gateway ( username and password) to allow access?

I would want to be able to see use logs, and have some kind of either menu or an easy interface to D/L basic PDFs, Photos, and word files.

The only experience I've ever had with a server is a Microsoft based server that was nothing but trouble and required a FT tech to fix the constant problems it created.

I'd also like to know what to buy server wise. I have plenty of cash for this, so there is no limit there.

I want it to be as uncomplicated as possible, and no database would be needed. It will be a file archive only, with some kind of easy back up system - Pop the drives in and out type of thing.

Paging ET......
Shlomart Ben Yisrael
Insha'Allah
Posts: 19031
Joined: Wed Jan 19, 2005 5:58 pm
Location: filling molotovs

Post by Shlomart Ben Yisrael »

For just simple file serving to 10-20 clients, you could resurrect an old Pentium II.

Your requirements would include adequate RAM (256-512 MB)
A quality power supply for an always-on system
A RAID + setup for hard drive backup and integrity
A server oriented OS like Windows 2000 Server (I recommend Linux)

And finally, consider an FTP solution for access for the employees.
rock rock to the planet rock ... don't stop
Felix wrote:you've become very bitter since you became jewish......
Kierland drop-kicking Wolftard wrote: Aren’t you part of the silent generation?
Why don’t you just STFU.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

A server oriented OS like Windows 2000 Server
NO way. That was the server/OS I watched the tech curse about every day when it would crash or have security issues.
If this were a dictatorship, it'd be a heck of a lot easier, just so long as I'm the dictator." —GWB Washington, D.C., Dec. 19, 2000
Martyred wrote: Hang in there, Whitey. Smart people are on their way with dictionaries.
War Wagon wrote:being as how I've got "stupid" draped all over, I'm not really sure.
Shlomart Ben Yisrael
Insha'Allah
Posts: 19031
Joined: Wed Jan 19, 2005 5:58 pm
Location: filling molotovs

Post by Shlomart Ben Yisrael »

Mister Bushice wrote:
A server oriented OS like Windows 2000 Server
NO way. That was the server/OS I watched the tech curse about every day when it would crash or have security issues.
Interesting, because most folks agree that 2000 is the most rock solid OS they ever released.

Maybe Windows Server 2003 interests you?
PSUFAN
dents with meaning
Posts: 18324
Joined: Wed Jan 12, 2005 10:42 pm
Location: BLITZBURGH

Post by PSUFAN »

You just want to serve files? Unless you want to tinker with it and set something up yourself, I suggest the following:

-set up a gmail account to share with a few people, which folks can email files to and therefore share
-get a cheap hosting account, you then have a server that you can do a lot of stuff with, and somebody else has to keep the thing running

Not to dissuade you from setting up a server just for the fun of it. I recommend trying Linux; for stability and security it's unmatched. It's not too hard to get rolling with it, either
King Crimson wrote:anytime you have a smoke tunnel and it's not Judas Priest in the mid 80's....watch out.
mvscal wrote:France totally kicks ass.
Headhunter
Eternal Scobode
Posts: 2810
Joined: Wed Jan 12, 2005 10:34 pm

Post by Headhunter »

I know you're shitcanning Microsoft, which is too bad. 2003 comes standard with Windows SharePoint Services which is a collaborative work space which would fit every consideration you have listed. Don't know why you're bitching about Microsoft Server OS's. I work day in and day out with around 50 Servers. Sure there are problems, but don't think those are isolated to MS.

If you decide you want to go the WSS route, let me know. I've been on a WSS project for my company for 2 years, and also provide our in-house user training. I could provide you with some installation guides and tips and tricks to make the install and maintenance a snap.

Also, I agree with PSU. Find a cheap host and let them worry about the server headaches.

If it was me, I'd find a good host who will drop 2003 and WSS on your server. At that point, you're just setting up configurations.
Dinsdale wrote:This board makes me feel like Stephen-Hawking-For-The-Day, except my penis is functional and I can walk and stuff.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

Any cheap remote hosts you guys know about? I just don't want the headaches of troubleshooting.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

PSUFAN wrote:You just want to serve files? Unless you want to tinker with it and set something up yourself, I suggest the following:

-set up a gmail account to share with a few people, which folks can email files to and therefore share
Report volume is too high to do this. We need an archive with controllable access.
-get a cheap hosting account, you then have a server that you can do a lot of stuff with, and somebody else has to keep the thing running
Good idea. Know of any?
Not to dissuade you from setting up a server just for the fun of it. I recommend trying Linux; for stability and security it's unmatched. It's not too hard to get rolling with it, either
I agree with you, Linux would be the way I would go. Unfortunately I'm running the show, and I just don't have the time to tinker with a server (as much as I'd like to be able to). I've built my own computer from the ground up before, but that was before I started this business. Now I have too many responsibilities and no one working closely with me knows server stuff.

Thanks for the responses all.
ElTaco
Networking Securely
Posts: 907
Joined: Fri Jan 14, 2005 4:12 pm
Location: Northern VA

Post by ElTaco »

I don't think it really matters which server OS you use. Linux, if you know what you are doing, and do basic maintenance can run on cheaper machines and probably with less headaches in the long run, but if you don't know what you are doing can be very painful to configure.
We run Windows 2003 and Linux at work and as long as you do basic maintenance and patching, they can both do ok and survive attacks. Of course that means regular patching, firewalls, secure configurations and setting good permissions.

I would say in your case, you would probably want an online solution, but it's also good to note that with an online solution from a 3rd party, you would only have access to data that you upload. In other words, if you go out of town and you forget a critical file on your home PC, you are fucked....

So as I see it, here are your options:

Option 1: Run your own file server at home. You have multiple choices as to how you actually access the files. You can either use a remote control technology such as PC Anywhere or VNC, but that actually lets them run programs remotely on your server. This is an over kill functionality and security wise, but PC Anywhere is relatively simple to set up and not too expensive. Of course PC Anywhere is a Windows solution; Linux however has other solutions that are similar/free. Alternatively you could set up an FTP Server. FTP server is one of the fastest ways to transfer files, but it's not very secure. You can easily set up a VPN, especially since some SOHO routers support this functionality, but that is also a bit of an over kill since you only want to give access to one server and not a whole network. Of course the nice thing about a VPN would be that it is encrypted and then you can use share privileges and NTFS privileges to protect content, so you could log into any of your PCs as an administrator, but your staff could only log into the file server and to local 'intranet' services you might set up in the future. Again probably an over kill for you, but the nice thing is that you aren't exposing your machines to the internet. People would log in using VPN and then have access to your network resources, including printers or anything else you elect to share with them. Did I mention that this has the added benefit that you could have access to your own PCs at home, just in case you forget to put up the file on the file server?

Option 2 is that you pay for web, ftp, ssh, etc services from some other service provider. The added benefit here is that you don't have to spend a lot of money on the server or worry about upgrades, patching, trouble shooting, backups, and exposing your network to outsiders. There are also downsides, such as limitation of technology available. Of course that depends on the $ you are willing to spend, but if you want a fairly cheap hosting account, they will limit what you can do on there. The nice thing is, you could also put up a web page and have a work related email address that you give to your employees/contractors or anyone else you want to. I don't work too much with 3rd party hosting these days but you can easily get a few gigs for $30, of course as I said, most of these solutions are best suited for web hosting and while you can use FTP to share files, it's not as easy to do it, especially if you plan to go back and forth with your people and edit the files. The other problem is that if you don't upload a file, you still don't have access to it, so you would actually want to set up a VNC, GoToMyPC or PC Anywhere type service so that you can access your own PC just in case you forget to upload the file to the server.

3rd Option: You can also decide to buy/build your own server and then have it hosted by an ISP, in other words to collocate your server. This usually means that they will put your server on the web, but you still have to manage it. This would be an ideal solution if you need good bandwidth and guaranteed uptime as well as maybe weekly automated backup services, but you wanted to have control of security on your machine. This isn't cheap, but it does allow you to keep the flexibility of having your own server while on a fast link, regular backups and no power problems. This system still has the downfall of not having access to your home PC, but you could always maintain a VPN secure tunnel between your home network and the server on the web, although this would depend on how secure you set your Server, because if someone hacks it, they will have access to your network as well.

Now depending on your actual work share needs, it might be a good idea to look into something like MS Sharepoint or some other similar solution, however this is only really worth it to me if you plan on actually using this server to exchange documents while you work on them, in other words, if you start a document and then you want to have other people make edits or additions, then Sharepoint or some other sharing solution is your friend, but if you just want to share finished documents with your staff, it might be an over kill.


Ok so the original question included a question about how you would connect your server at home. You have two options. One is to purchase a 2nd IP address from your ISP. I know Verizon sells these for about $10/mo so you can add an additional server outside of your router, however, this is not a great idea, because it leaves your server exposed to anyone so you would either have to run a local firewall on your server or secure it and patch it really well.
A more secure alternative is to pick up a 2nd SOHO wired router and create a server network behind your 2nd IP. Then you can connect a switch to your DSL/Cable Modem and connect the two routers into the switch with each Switch being assigned one IP address. The problem is that your local network can't have access to your server network and vice versa, so really this might not be an ideal solution either.
Your last solution is actually the cheapest solution in that you don't need to buy a 2nd IP address. You can set up a VPN if your Linksys router supports it or to set up some open ports that are forwarded to your server. So if you run PC Anywhere, you could set up the ports on your firewall so that any connections from the Internet are automatically forwarded to your server, however only those ports are open, which means other services aren't exposed to hackers. Of course the problem is that if that service is hacked and the server is compromised, your whole network is also open to be hacked. You can't have it all.

For this I would look at some basic servers, probably from Dell. It doesn't sound like your shared data will be huge so I'd be looking for a simple PowerEdge system like the 750, with 1 (80Gb) drive for the OS and programs and 2 mirrored (Raid 1) PATA or SATA drives around 120Gb to 250Gb for your Data. This would require your server to support Raid, but I wouldn't waste money for SCSI drives. You should also get a Tape drive or an external USB or Firewire drive where you could do daily or weekly backups of your data. If your data only changes two or three times a week, don't waste your time doing daily backups. My guess is you could have the whole system for $1500 easily. If you are considering Co-Hosting your server at an ISP, you should buy a 1U Rack mount server instead. In this case you might only have 2 drives available, so raid them (Raid 1 - Mirroring) and install the OS and the data on the same drive.

Last but not least, you could always do your research and then hire a consultant to build the system for you and maybe come in once every quarter or month for an hour or two and do updates and patching. It might cost you a Thousand for someone to set up some server, patch it and set up file sharing like FTP and HTTP and then maybe $100 to $200 to do some simple patching once every few months. If you are willing to trust someone younger, perhaps from a local Tech school or college, you should be able to find a few competent people for relatively cheap.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

Excellent info as usual, ET. Thanks a lot. It certainly leaves me without questions. Great stuff.
PSUFAN
dents with meaning
Posts: 18324
Joined: Wed Jan 12, 2005 10:42 pm
Location: BLITZBURGH

Post by PSUFAN »

Bushy, the host we use for this site is http://www.lunarpages.org

It remains the cheapest host with the most services that I've seen, not that I shop around much anymore.

Check out the plans they have there...if any host offers more for less, let me know.

As for Microsoft server products, I certainly don't pretend to know much about them, because I never use them. However, when it comes to using a host, there is one relevant fact; you'll pay more for a windows server than you will for linux, every single time. You'll also be able to do more with a linux server from where you're sitting...that is, there are innumerable open source projects that one may install and use with a shared linux host, totally free of charge.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

That is another thing I like about Linux, the open source aspect. With MS you have only whatever they have decided you can have, and while for most people that is usually sufficient, I have always felt hampered by that, especially when using non MS products and trying to get them to be compatible.

Case in point Adobe Acrobat. We had to completely revamp our MS Word report format, because .DOTs are not compatible with Adobe when creating PDFs. That only opened another can of worms that we had to work around in terms of report security and accuracy. Big hassle reworking 25 report forms to make them recognizable by the PDF program and still maintain some margin of error control.

I had a reliable affordable programmer working for me last year, but he has hit the basement and is nowhere to be found.

I have some cash to spend, but not a $150 per hour / 10 hour minimum / no maximum indicated, like my ISP wants for programming fees.

I will check out lunarpages. Initially I went with the ISP that TNW used to have - Aplus.net because dude in charge of TNW spoke highly of it, and until recently they have been flawless. There have been a few issues lately, including a data loss that was their fault that cost me somewhere between $500-700 bucks.

I figured I'd try someone new for this on line report storage, unless I take the plunge and do it myself, which I still have reservations about, timewise. I can figure stuff out and I'm not too proud to ask questions from those who know, but I won't be able to manage very well if I don't have the time to work on it.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

Starting to look into this deal a little closer. One roadblock I ran into for on line ( or off site) server hosting is back ups. I checked with my hosting service, and even though they do back ups, they are of the "emergency" type, meaning I would be on a server hosting multiple users, and the only time a back up is used is when the server has crashed, and that in general specific users cannot expect to replace or recover data on their own. It is done server wide.

Is this common practice? If that is the case, my money might be better spent on a server in my own house.

Which brings me to a key point. What to do about a power outage? I have battery backup on my network system here, but it is intended only to allow time to save current data and shut down, not for extended use.

Are there any reasonable, reliable battery back up systems that will work for extended periods, say several hours?
SunCoastSooner
Reported Bible Thumper
Posts: 6318
Joined: Sun Jan 16, 2005 1:07 am
Location: Destin, Florida

Post by SunCoastSooner »

Martyred wrote:For just simple file serving to 10-20 clients, you could resurrect an old Pentium II.
WURD. I don't know shit about the technical side of computers but I do know that this is the set up at my house/office.
BSmack wrote:I can certainly infer from that blurb alone that you are self righteous, bible believing, likely a Baptist or Presbyterian...
Miryam wrote:but other than that, it's cool, man. you're a christer.
LTS TRN 2 wrote:Okay, Sunny, yer cards are on table as a flat-out Christer.
ElTaco
Networking Securely
Posts: 907
Joined: Fri Jan 14, 2005 4:12 pm
Location: Northern VA

Post by ElTaco »

Of course they have UPS that can run for several hours. Depending on your machine/server you might not have to spend all that much money.

I think it may be time to get down and dirty and start talking specifics. Let's say you have $2.5k to spend on this project. Here is how I would do it at home.

You'll need:
A computer. Because this is for business, you'll want something reliable, warrantied for 3 years, with decent HD space and the ability to do regular backups. I would say a server class machine would cost about $800. You can certainly skip this step and just take a machine you already have or buy a regular PC but having a warranty, especially one that you can have someone from Dell come out and fix it can be nice, especially when you aren't home. I would probably price out a Dell Poweredge SC430, with 1 or 2 100Gb SATA drives, Pentium Chip, 1 to 2 Gig Ram and probably a 3 year warranty. I priced out a Dell for $760 without backup, with 3 year basic warranty, Pentium4 CPU, 1gb ram, 1x80Gb SATA drive and no OS.

Next is your Backup solution. In this case I would decide how often you think you'll need to backup. You would want to do this based on how often your data changes and if your data is lost, how much work you want to do or can afford to do to recover some or all of it. In other words, the more you spend now and the more time you spend backing up, the less time you'll need to recover everything, but maybe you don't need to recover everything because everyone should already have one or more copies of the data anyway. That's a decision you'll have to make. A simple 20/40 Gb Tape backup drive will cost about $250, plus another $150 for the tapes. If you run Linux or Windows, you can use the default backup utilities that come with those Operating Systems so you don't necessarily need to buy a backup software. Your other option is that if you have a 2nd PC available, you could set it up to be a live backup server and save money on tapes and backup drives. I'd say the tape drive and tapes will set you back about $400. Alternatively, you could just purchase a 400Gb USB or Firewire drive and do backups on that. Just realize that you'll have to be around to run it or connect to the server when you aren't home and mount the external drive, do the backup and then unmount the drive. Problem is that if a hacker gets to the machine and mounts the drive, they can get to your backups so actually disconnecting it from the PC is a good idea.

Next is your power issues. For a server or PC this size, you can't really do dual power supplies (technically you can but it's probably not worth the $200 to $300 dollars). What you can do is purchase some UPS that can run a simple PC for an hour or two. UPS are measured in VA but what you really need to figure out is how many watts your PC will use. This is not too hard because you can take your maximum watts usage of your power supply and just use that, however it wouldn't hurt to add up the sum of all the components (MB, HDs, CD/DVD drives, etc..). So let's say that you have a 400 Watt power supply. Now you can start looking at UPS. Take the APC Smart-UPS 3000VA UPS that goes for $1200. At half load or about 1100 watts, it will run around 20 minutes. But you are only using about a 1/3 of that so your machine should run almost 2 hours on that UPS before going completely dead. I would say you could safely set it to shut down after 1.5 hours. If you cut your Watts back to 300, you can do about 2 hours runtime on the battery. If you can afford about $3200, you can jump to the 5000VA UPS and run your Server for about 3 hours and 20 minutes.
In other words, the smaller and more power friendly your 'server' is the smaller and cheaper UPS you can have and still run for a long time. If you could keep your usage to 200 watts on your PC you could run 3 hours on a 3000VA UPS. Not bad. Just don't forget that just like you'll probably want to replace your server every 3 to 4 years, you will want to do the same for your UPS so your batteries don't die on you in the middle of an important trip.

Well all that is left now is a good firewall that supports VPN and good proven firewall technologies. You could go with a simple $50 SOHO wireless router but I don't know that I would really trust it to protect sensitive data. If you go that route, make sure it supports VPNs and you run a firewall of some type on your server. Linux comes with IPchains and Windows even has a simple built in firewall now. You can also build your own firewall using a simple PC. You can look into open source projects like IPCOP to get your hands on an already preconfigured firewall that will do a good job of protecting you and your network.

So total costs:
PC/Server if you don't already have one: ~$800 with s/h and tax
Back up solutions: external HD ~$200
Tape backup ~$400
Second machine on network if you have it ~$0
UPS: 3000VA APC: $900 Tripp Lite or $1000 and up from APC
Firewall: Cisco 501: ~$250 and up or use a PC for nothing.

total cost: Who knows, depends on what you do but if you buy everything and run linux I'd estimate about $2200 to $2500
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

I agree I'd want to buy a server with a warranty. Anything running 24/7 will need that. I also agree Dell is the way to go. No problem there.

Second, I would need to do backups daily/nightly, but missing a day here or there would not be a disaster, since I'd still have off site back up by the users in the short term. I do have an old box here (maybe too old - it was built by me in 2000 with Win 2000 on it), and I have a brand new 100GB drive I could install either as a second drive or replace the primary drive that's still in there and format the new one with a Linux OS. The question is, will the old motherboard (an ASUS one) have any troubles I need to address? I flashed the BIOS back in 2000 with the last update they had available then. Also, I would want the backups to be automatic, occurring at night. I know there are complexities there, and probably the tape drive route with the built in utilities would be the way to go.

Third. The backup will be the area of most concern. We do occasionally have power outages, mostly they are short. However, I was wondering. Is there someway to cascade several UPS units so that during an extended power outage two or three UPS could be daisy chained and when one died, the next would pick up? (I know that's a reach, but I had to ask)

Fourth. If I had a second router hardwired into the current one, would that work if the #2SOHO had its own firewall protection, and I set that router up with its own IP # off the first router? Would I put IPCOP on the backup computer, or would it go farther up the chain?

In essence, the setup I THINK I would have would be that the backup server/computer would be wired from the existing wireless router (the one that is connected to the DSL modem), through the new SOHO router, and then from there to the backup server/computer, placing it two routers away from internet access.

How would the IP configuration work having dual routers set up like that?

Forgive my ignorance of network setups on this. It's all new to me.
ElTaco
Networking Securely
Posts: 907
Joined: Fri Jan 14, 2005 4:12 pm
Location: Northern VA

Post by ElTaco »

Backups with a live computer. This is what we are doing at work. We are building a $5k 2tb machine that will use RAID 5+1 to be the backup server. This machine will be running Fedora Core 4 or 5 using SELinux to secure it. This server will essentially be a simple file server. Every regular server on our network will map a directory on the backup server and just use NTBackup to create a backup file and write it to the drive. If you are running two Linux machines you have more options. You can use many different Linux utilities to automatically log into the backup server and backup onto that machine. You could use a VNC connection to encrypt your traffic or just use rsync or rcopy or ssl or any number of other technologies to do the job. You'll have to look into it a little more when you get to it.

Daisy Chaining UPS can be done but is not recommended and there is a good chance that it will void warranty, not give you the ability to get money for damaged equipment, not give you increased time and possibly damage your UPS that are down the line from your last one. Ok so first you kind of have to understand how UPS work. They basically look at the Power that comes in and if they sense anything from the norm, they go on battery, otherwise you have two options. One is they directly bypass the battery and just clean up the power and let it go and only switch to the battery when the wall power fails or they let the wall power go to the battery and you pull from the battery. Either way most UPS clean up power one way or another and feed it to the equipment plugged in. Most of them will feed a modified sine wave when there is a power outage. The problem is that when another UPS senses the Modified sine wave, it assumes a power failure has taken place and goes onto battery so let's say you go out and buy 6x 500VA UPS and you daisy chain them. When the power goes out, the first one will go on battery and feed the 2nd UPS a Modified Sine wave. That one now detects the Modified Sine wave and instead of just functioning normally, it will assume bad power/power outage and start functioning as if it wasn't getting any power and feed the 3rd UPS from its battery with modified sine wave. The same process occurs over and over until you get to the last battery, which will do the same thing so ultimately, your computer will only stay up until the last UPS dies. When it dies, your computer goes down. On a 500VA UPS that means a very short time. Some companies use different sine waves which would actually mean that the system could work, but even they don't recommend more than 2 to 3 maximum UPS daisy chained because of Warranty and because you could defeat some other protective mechanism.

Anyway, here is a link to APC's Answer to your question:
http://tinyurl.com/l6qd8


Routers:
Unlike UPS, routers and switches can be daisy chained easily. There are only a few things you need to know.
#1 - Routers route between different networks; in other words, each router must have a different network for them to route properly. So, your one router is plugged into the DSL line. The internet side should have a static IP address. This router might use the private IP network 192.168.1.0/24. This router should use NAT and probably have the VPN features so that you can get to your server from the Internet. The server will have to have a static IP address. The other machine that will plug into your internet router will be the second router/firewall. This will also have a static IP address on the 'wan/internet' side and on the inside will have a second network such as 192.168.2.0/24. Notice how the 3rd number is different in the IP range. The only catch is that if you have your backup server behind this router, you will need to give that server a static address as well, and the 2nd router will also need VPN capability.

You also have other options. At one business they were really cheap and not very security conscientious, so we set up a webserver/email server/router for them on one Linux machine. That machine did everything. It ran their website and it also did the firewall/NAT routing functionality for the whole store. In other words it looked like this:


-----------DSL---------Linuxmachine----------switch-------LAN

This will certainly work, but if your Linux machine goes down, so does your Internet access, your web server, your data and your whole network. It can be kept safe, but you have to ensure that the patches are applied in a timely manner.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

Here is my set up right now:


---------------------------------------> wireless laptop
Modem -> Wireless Router -> -> Wireless Desktop
---------------------------------------> wireless laptop
---------------------------------------> wireless desktop

The internet side does have a static IP address.

What is NAT? I doubt, but I'm not sure, if this router I have now has VPN features. It is a Linksys dual band wireless A&G, with 4 hardwired slots that are currently unused. If I was to get a server and another router to add to the above config, I would have to replace this one with the new one and move the old one back behind the new one, correct? How does the second router get a different static IP address on the internet side if it is plugged in behind the first router?

So my new config would be:

---------------------------------------> wireless desktop
---------------------------------------> wireless laptop
Modem -> Wireless Router -> -> Wireless Desktop
---------------------------------------> wireless laptop
----------------------------\
-----------------------------\
--------------------------------> Old Wireless Router->File Server
ElTaco
Networking Securely
Posts: 907
Joined: Fri Jan 14, 2005 4:12 pm
Location: Northern VA

Post by ElTaco »

Mister Bushice wrote:What is NAT?
NAT is Network Address Translation. It is a form of a firewall that will translate one IP address to another as a packet travels through it. So if your private side IP address is 192.168.1.5, it might translate it to 203.33.45.5. When the router gets a reply back from the server you contacted, it will translate the IP address back to yours and forward the packet back to your machine. Another name under Linux for NAT is IP Masquerading. In other words, your machine is hidden behind the router. When a webserver receives information from you, it will actually think that the packet came from your router. It replies to the router, which then translates the IP address back to yours and forwards the traffic back to you. Not sure how else to explain it, but this is the technology that allows your 4 computers to access the internet behind 1 IP address. Of course NAT can actually translate IP addresses even if you have 1 public IP address for each machine. The idea with NAT is that you only know the public IP address and not the private one, so you can't directly get to that machine without first going through the router to make the translation within each packet.
Mister Bushice wrote:I doubt, but I'm not sure, if this router I have now has VPN features. It is a linksys dual band wireless A&G, with 4 Hardwired ports that are currently unused. If I was to get a server and another router to add to the above config, I would have to replace this one with the new one and move the old one back behind the new one, correct?
Well, since your server will not be wireless, there is no reason to keep the wireless router up front. You don't actually need VPN. You can set up what is called a DMZ or Demilitarized Zone. The idea is similar to the real world military concept. Basically you have a zone between the Internet and your private network where you stick servers that need access from both sides. Some SOHO routers use the same terminology, even though they use it slightly differently. In this case you can set up one machine to be accessible from the internet, even though it's on the same network as your private LAN. Another name used by companies is port forwarding, where you can forward packets that come to one port to a specific machine. I've yet to see a router that has not supported some of these features.

Here is a link that discusses NAT and DMZ: http://grc.com/nat/nat.htm
Mister Bushice wrote: How does the second router get a different static IP address on the internet side if it is plugged in behind the first router?

So my new config would be:

---------------------------------------> wireless desktop
---------------------------------------> wireless laptop
Modem -> Wireless Router -> -> Wireless Desktop
---------------------------------------> wireless laptop
----------------------------\
-----------------------------\
--------------------------------> Old Wireless Router->File Server
It doesn't. The second router uses a static IP address from the first router. Let's draw this vertically instead of horizontally.
----
Internet
----|
----|
----|
----|
----|
Modem
----|
----|
----|/------IP 168.104.33.45 (this is an example of a Valid Public IP)
Router/Firewall
----| ------IP range 192.168.1.0/24 (this is an example and usually
----|----------default network IP range for most SOHO routers. In
----|----------reality, a router would have one IP address per port
----|----------and they don't have switches built in but they simplified it
----|----------for SOHO routers.)
----|
--DMZ ----------------------
----|------------|----------|
----|--------Server-----Server2 - 192.168.1.11
----|---192.168.1.10
----|
----|/---- IP 192.168.1.2
Router/Firewall
----|-------
----|--------|
--LAN -------IP address range is 192.168.2.0/24

OK, so your routers are actually hardware. The DMZ is a LAN, except it is not as secure as your LAN because it allows traffic in from the Internet. Your LAN is very secure because it does not allow traffic (that you didn't initiate first) to get through the firewall.

Again, the website (http://grc.com/nat/nat.htm) gives a good intro to it all. About half way down the page, they explain how the double router/firewall system works so you should take a look at it.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

I do understand the NAT concept. My current router does work that way. The public IP is very different from the network IPs.

I will read up on that link, because the DMZ concept is new to me. Thanks a lot.
"If this were a dictatorship, it'd be a heck of a lot easier, just so long as I'm the dictator." —GWB Washington, D.C., Dec. 19, 2000
Martyred wrote: Hang in there, Whitey. Smart people are on their way with dictionaries.
War Wagon wrote:being as how I've got "stupid" draped all over, I'm not really sure.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

OK so in this Diagram:

Image

How would I go about setting this up, in terms of the actual settings?

I was able to set up my basic wireless network, but that type of configuration I've never done.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

ET,

Some more stuff. I am set up like the image below without the secondary router and high value machine. However, my network is protected, not open or "Uncontrollable". This setup would be far easier for me to configure, but is it as safe as the one in the post above? If not, what essentially is less safe about it? It looks like I could easily just add the second router in and put a firewall like IPCOP on the new server, with a program behind that only allows password protected access to a Linux OS.

Image
ElTaco
Networking Securely
Posts: 907
Joined: Fri Jan 14, 2005 4:12 pm
Location: Northern VA

Post by ElTaco »

They are essentially the same setup in terms of the routers; the big difference is where the server goes.

In the first setup you have a DMZ style network. In other words, this is what you are going for because you want access to the server from the internet and from your private LAN. The server goes in between your two routers. The Internet router would allow certain traffic to get to your server and your server only. So you take your IP address that you have from your ISP and assign it as a static address for the Internet port on your router. Then you set up a private network on the other side. Like I said above, you will probably use the default address your DHCP will want to give out, which is 192.168.1.0/24. In other words, if you haven't read the 6 page network post I put up, you can use 192.168.1.1 to 192.168.1.254. You just set up your basic NAT routing. You can keep the DHCP server enabled or disabled. It doesn't matter, because you won't use it, since you will only keep your server and the router attached to that network. So your router will take the 192.168.1.1 IP address as its internal IP address. Then your 2nd router can have 192.168.1.2 and your server can have 192.168.1.3. Once you have made these decisions, you need to go to the port forwarding or DMZ settings in your router and forward the appropriate ports to your server at IP address 192.168.1.3. So if you will use some document handling system that uses a web front end and you will run Apache, then you will need to forward all requests from port 80 on your router to 192.168.1.3:80, or in other words to your server on port 80. Can't really explain this any more unless you know exactly which router you will use for this.

Here are some recommended business class Firewalls:

D-Link DFL200 Desktop VPN Firewall for $290
http://www.dlinkshop.com/product.asp?sku=2553596
I always like D-Link in general because for the most part I hear decent stuff about them. They tend to be a bit more expensive than Netgear or Linksys but cheaper than Cisco. D-Link does have better solutions, but I seriously doubt it's worth the money and time.

Cisco 501 for about $250 to $300
Yes, this is your best possible solution. Can't get any better than this; unfortunately it's not simple, and with your lack of experience I would not recommend this. The price isn't too bad, however, so if you can get someone to configure it for you, it might be the way to go. This is real enterprise technology in a small box trimmed down for small offices.

Netgear ProSafe line with VPN Firewall
If price is a problem, you really can't go wrong with Netgear. Their stuff is fairly decent, always been, and their prices are really not beatable. You can get for just over $160 a firewall with 25 user VPN capability with 4 Gigabit ports built into it, and it also has some basic DOS attack prevention capabilities. It's made for small business so it should be easy to manage. With VPN, you really can't go wrong in terms of security. You might not even need a 2nd router at all. You could just use your wireless router as an Access Point if you wanted.

I'm not sure what else I can tell you. I would say you have some choices to make. First and foremost, are you up to the technical stuff? If not, you really should just use a consultant or just use some online service. It's not ideal, but it sure takes a lot of the technical headaches out of the whole process. If you are set on the at home thing, decide on how you want to connect to your server. You should research VPN (Virtual Private Networks), which are essentially a tunnel into your network through the router from the outside, so you would have complete access to your network at home. Then you could connect to your server or any other machine at home through the network. Alternatively you can use the DMZ idea with one or two routers where you have a DMZ where your server will be and your internet router/firewall will forward all connection requests it receives from the internet for certain ports that you set up, like http on port 80 for example. Then you can have a 2nd router/firewall/wireless AP plugged into the first router and you would use that as a secure private network for your home computers so that you and your family's personal computers are protected. This setup looks like the first image you asked about.

The 2nd image is when you want to protect the server not only from the internet but from your family as well, which probably isn't the case here. You can just run IP chains or some other firewall on your server to ensure no one can attack your server if you are that protective.

The backups and UPS discussion can resume after you have made all these decisions, plus what server you will use and how you will share the data, which is a decision you will need to make shortly after you decide on the network stuff.
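The NAT translation and the two-router DMZ layout described in the posts above, modelled as an added example (not part of any poster's message and not any router's actual firmware logic). The router and server addresses come from the thread; the `NatRouter` class, the client and home PC addresses, and the probed ports 22 and 445 are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

class NatRouter:
    """Simplified NAT router: rewrites outbound source addresses and drops
    inbound packets unless they answer a tracked connection or match a
    port-forward rule."""

    def __init__(self, wan_ip, lan_net, forwards=None):
        self.wan_ip = wan_ip
        self.lan_net = ip_network(lan_net)
        self.forwards = forwards or {}  # WAN port -> (inside ip, inside port)
        self.conns = {}   # WAN port -> (inside ip, port, remote ip, port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        """An inside host opens a connection; return the packet as it
        leaves the WAN side, with the source rewritten."""
        if ip_address(src) not in self.lan_net:
            raise ValueError(f"{src} is not on {self.lan_net}")
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conns[wan_port] = (src, sport, dst, dport)
        return (self.wan_ip, wan_port, dst, dport)

    def inbound(self, src, sport, dport):
        """A packet reaches wan_ip:dport; return the inside (ip, port) it
        is delivered to, or None if the router drops it."""
        conn = self.conns.get(dport)
        if conn and conn[2:] == (src, sport):
            return conn[:2]              # reply to a connection started inside
        return self.forwards.get(dport)  # forwarded port, otherwise dropped

CLIENT = "198.51.100.7"  # constructed address of a remote employee
PC = "192.168.2.20"      # constructed home PC on the private LAN
SERVER = "192.168.1.3"   # file server in the DMZ (address from the thread)

def run():
    # Internet router: public IP, DMZ side 192.168.1.0/24, port 80 forwarded.
    outer = NatRouter("168.104.33.45", "192.168.1.0/24",
                      forwards={80: (SERVER, 80)})
    # Second router: WAN side 192.168.1.2 in the DMZ, LAN 192.168.2.0/24.
    inner = NatRouter("192.168.1.2", "192.168.2.0/24")
    out = {}
    out["web_from_internet"] = outer.inbound(CLIENT, 51000, 80)
    out["other_port_from_internet"] = outer.inbound(CLIENT, 51001, 22)
    pkt = inner.outbound(PC, 52000, SERVER, 80)   # home PC opens the server
    out["source_seen_by_server"] = pkt[:2]
    out["reply_to_pc"] = inner.inbound(SERVER, 80, pkt[1])
    out["dmz_to_lan_unsolicited"] = inner.inbound(SERVER, 53000, 445)
    return out

if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value}")
```

Only the forwarded port reaches the server from outside, the server sees home PCs as the second router's address 192.168.1.2, and a connection started from the DMZ toward the LAN is dropped by the second router.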
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

ElTaco wrote:The 2nd image is when you want to protect the server not only from the internet but from your family as well, which probably isn't the case here. You can just run IP chains or some other firewall on your server to ensure no one can attack your server if you are that protective.
Not so much protecting the server from the family as much as they have no use for it.

Plus, if need be I could always set up a VPN for one of them, correct?

The reason I like the second image setup is because it wouldn't change what I currently have set up for the home network; all I would be doing would be adding the server to it, and setting up a VPN, etc.

I realize I have oversimplified, but if I went the image #1 way, I would have to reconfigure every station on the new router.

Just looking to make it as head ache free as possible.
PSUFAN
dents with meaning
Posts: 18324
Joined: Wed Jan 12, 2005 10:42 pm
Location: BLITZBURGH

Post by PSUFAN »

total cost: Who knows, depends on what you do but if you buy everything and run linux I'd estimate about $2200 to $2500
:sad: a good hosting account can be as cheap as $100 a year. You can do backups with a click and save them zipped up on your HD.
King Crimson wrote:anytime you have a smoke tunnel and it's not Judas Priest in the mid 80's....watch out.
mvscal wrote:France totally kicks ass.
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

link?

I can't find many with decent file storage capacity, which I will need to have. At least not for any reasonable amount of money.

And I wouldn't need a DB to go with it, just a program to facilitate file management for multiple users.

Still looking...