Differences
This shows you the differences between two versions of the page.
dcore:server_applications [2016/11/06 04:08] – nitram | dcore:server_applications [2024/06/20 20:17] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== dCore Server & Networking ====== | ||
- | ===== dCore Server Overview ===== | ||
dCore may be used as a basic, lightweight home server. A text only server would require <64mb RAM (~42mb) at boot. It can utilize an existing swap partition, if already present. Otherwise create either a swap file or partition as needed. Although a live boot requires only ~20mb drive space (CD, DVD, USB, hard drive), a frugal text only installation (persistent hard drive install) likely requires ~100-200mb drive space, even after installing desired server and networking extensions. The Tiny Core base system, dCore components and server tools can all be managed from command line, no need to install Xorg/ | dCore may be used as a basic, lightweight home server. A text only server would require <64mb RAM (~42mb) at boot. It can utilize an existing swap partition, if already present. Otherwise create either a swap file or partition as needed. Although a live boot requires only ~20mb drive space (CD, DVD, USB, hard drive), a frugal text only installation (persistent hard drive install) likely requires ~100-200mb drive space, even after installing desired server and networking extensions. The Tiny Core base system, dCore components and server tools can all be managed from command line, no need to install Xorg/ | ||
- | + | At a TTY/ | |
- | At a TTY/ | + | |
===== iptables ===== | ===== iptables ===== | ||
- | Basic dCore iptables setup guide for desktop use. Modify for special need, networking, server or preference. Many ways to accomplish this in dCore, iptables has numerous configuration options. Run iptables | + | Basic dCore iptables setup guide for desktop use. Modify for special need, networking, server or preference. Many ways to accomplish this in dCore, iptables has numerous configuration options. Run iptables |
+ | |||
Numerous tutorials online, useful references: | Numerous tutorials online, useful references: | ||
* http:// | * http:// | ||
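Review bot: The page title `====== dCore Server & Networking ======` and the `===== dCore Server Overview =====` heading are removed at the top of this hunk with nothing visible in their place, so the new revision opens with body text and the first heading a reader meets is `===== iptables =====`. If the headings moved to a parent page, note that in the edit summary; otherwise keep at least the overview heading so the RAM and drive-space figures stay under a labelled section.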
Line 16: | Line 13: | ||
The following rules are based on #7.1 - Only Block Incoming Traffic: | The following rules are based on #7.1 - Only Block Incoming Traffic: | ||
* http:// | * http:// | ||
- | + | | |
Designed to drop all incoming/ | Designed to drop all incoming/ | ||
+ | | ||
With this basic configuration ping, wget and browsing all work. | With this basic configuration ping, wget and browsing all work. | ||
+ | | ||
Basic iptables setup: | Basic iptables setup: | ||
Confirm kernel version: | Confirm kernel version: | ||
- | | + | uname -r |
Install iptables and netfilter onboot: | Install iptables and netfilter onboot: | ||
- | | + | sce-import -b iptables |
- | sce-import -b netfilter-< | + | sce-import -b netfilter-< |
Load these extensions or reboot: | Load these extensions or reboot: | ||
- | | + | sce-load iptables |
- | sce-load netfilter-< | + | sce-load netfilter-< |
Check iptables status: | Check iptables status: | ||
- | | + | sudo iptables -L -v |
Lock down INPUT and FORWARD networking, disregard OUTPUT (user initiated traffic): | Lock down INPUT and FORWARD networking, disregard OUTPUT (user initiated traffic): | ||
- | | + | sudo iptables --policy INPUT DROP |
- | sudo iptables --policy FORWARD DROP | + | sudo iptables --policy FORWARD DROP |
Recheck status: | Recheck status: | ||
- | | + | sudo iptables -L -v |
Attempt to access internet, ping domain, network (should fail, that's good!) | Attempt to access internet, ping domain, network (should fail, that's good!) | ||
- | | + | ping -c3 www.google.com |
Set up special rules, this allows INPUT for user initiated requests (eg. web browser): | Set up special rules, this allows INPUT for user initiated requests (eg. web browser): | ||
- | | + | sudo iptables -A INPUT -m state --state NEW, |
Save configuration state (only appeared to work in /home or /opt): | Save configuration state (only appeared to work in /home or /opt): | ||
- | | + | sudo / |
Append this line to / | Append this line to / | ||
- | | + | / |
Backup for persistence: | Backup for persistence: | ||
- | | + | backup |
Reboot system: | Reboot system: | ||
- | | + | sudo reboot |
Verify iptables configuration persistence: | Verify iptables configuration persistence: | ||
- | | + | sudo iptables -L -v |
Repeat process as desired to modify rules | Repeat process as desired to modify rules | ||
===== NTFS ===== | ===== NTFS ===== | ||
- | For NTFS file system read-write capability utilize the [[https:// | + | For NTFS file system read-write capability utilize the [[ntfs-3g LINK |ntfs-3g]] package. |
By default NTFS partitions are mounted read-only (ro), example: | By default NTFS partitions are mounted read-only (ro), example: | ||
- | | + | tc@box:~$ cat /etc/fstab | grep sda1 |
- | / | + | / |
Prior to using ntfs-3g ensure no NTFS partitions are already mounted read-only, run and confirm: | Prior to using ntfs-3g ensure no NTFS partitions are already mounted read-only, run and confirm: | ||
- | | + | mount | grep sd |
Unmount any NTFS partitions using a method below, first two commands may fail, /dev/sda1 example: | Unmount any NTFS partitions using a method below, first two commands may fail, /dev/sda1 example: | ||
- | | + | sudo umount /dev/sda1 |
- | sudo umount --force / | + | sudo umount --force / |
- | sudo reboot | + | sudo reboot |
Import //ntfs-3g// preferably to load at boot: | Import //ntfs-3g// preferably to load at boot: | ||
- | | + | sce-import -b ntfs-3g |
Reboot or load: | Reboot or load: | ||
- | | + | sce-load ntfs-3g |
- | Mount desired NTFS partition using the '' | + | Mount desired NTFS partition using the ntfs-3g command, example: |
- | sudo ntfs-3g /dev/sda1 /mnt/sda1 | + | sudo ntfs-3g /dev/sda1 /mnt/sda1 |
The NTFS partition will now be accessible read-write as user ' | The NTFS partition will now be accessible read-write as user ' | ||
To unmount, reboot or use for example: | To unmount, reboot or use for example: | ||
- | | + | sudo umount /dev/sda1 |
- | + | ||
===== Samba ===== | ===== Samba ===== | ||
+ | [[Samba Link |Samba]] is a free software re-implementation of the SMB/CIFS networking protocol that provides file and print services for various Microsoft Windows clients. It is useful to connect Linux and Windows systems and access shared storage on most Windows-world ISP-provided routers. Numerous full featured file managers provide built-in network browsing support, such as Caja and PCManFM. Configuration is similar to any other Linux distribution, | ||
+ | |||
+ | Import Samba to load at boot: | ||
+ | < | ||
+ | |||
+ | Optional install of smbclient, provides useful smbtree command when setting up network: | ||
+ | < | ||
+ | |||
+ | Optional install of gvfs-backends, | ||
+ | < | ||
+ | |||
+ | Reboot system or manually load above using the dCore sce-load Command: | ||
+ | < | ||
+ | |||
+ | Copy sample / | ||
+ | < | ||
+ | |||
+ | Modify smb.conf file as desired, typically the trickiest part of setting up a Samba network. It may be easiest to modify an existing smb.conf file from a networked system or web search for sample configurations. Sometimes hardware and router reboots are helpful during initial setup, as well as stopping and restarting Samba between configuration changes. | ||
+ | |||
+ | Run '' | ||
+ | < | ||
+ | |||
+ | Add smb.conf file to / | ||
+ | < | ||
+ | |||
+ | Backup this file before reboot: | ||
+ | < | ||
+ | |||
+ | Restart Samba if it was already running before adding custom configuration (top command will show nmbd and smbd running). If starting services manually, nmbd is usually started before smbd. If Samba does not start at boot, add the appropriate startup command(s) to / | ||
+ | < | ||
+ | sudo service samba stop | ||
+ | sudo service samba restart | ||
+ | sudo service nmbd start | ||
+ | sudo service smbd start | ||
+ | sudo service nmbd stop | ||
+ | sudo service smbd stop</ | ||
+ | |||
+ | Confirm Samba network shares: | ||
+ | < | ||
- | ??? | + | Temporary disable firewall or ensure the required ports are open for Samba functionality before testing. |
===== smbclient ===== | ===== smbclient ===== | ||
- | [[http:// | + | [[url |smbclient]] is an ftp-like client to access SMB/CIFS resources on servers. |
- | This guide installs and utilizes only //smbclient//, not the entire Samba suite. | + | This guide installs and utilizes only smbclient, not the entire Samba suite. |
- | On a multi-system LAN, a USB storage device (ie. USB drive, USB memory stick) connected directly to a DSL router server is a convenient central location to retrieve and share files without seting up [[https:// | + | On a multi-system LAN, a USB storage device (ie. USB drive, USB memory stick) connected directly to a DSL router server is a convenient central location to retrieve and share files without seting up [[url |peer to peer]] |
This // | This // | ||
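Review bot: In the iptables steps, the rule appended after the DROP policies (`sudo iptables -A INPUT -m state --state NEW,` as far as it is visible here) lists NEW among the accepted states on the INPUT chain. If that rule ends in an ACCEPT target, unsolicited inbound connections are accepted and the `--policy INPUT DROP` set two steps earlier no longer blocks anything; replies to user-initiated traffic only need ESTABLISHED and RELATED, so NEW should come out of the list. In the same hunk, the added Samba line "Temporary disable firewall or ensure the required ports are open" should read "Temporarily" and would be safer if it only recommended opening the required ports, and the new link targets `[[ntfs-3g LINK |ntfs-3g]]`, `[[Samba Link |Samba]]` and `[[url |smbclient]]` look like unfilled placeholders that replaced working URLs.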
Line 100: | Line 136: | ||
To determine the router' | To determine the router' | ||
- | tc@box:~$ route | ||
- | Kernel IP routing table | ||
- | Destination | ||
- | default | ||
- | 127.0.0.1 | ||
- | 192.168.1.0 | ||
+ | < | ||
+ | Kernel IP routing table | ||
+ | Destination | ||
+ | default | ||
+ | 127.0.0.1 | ||
+ | 192.168.1.0 | ||
- | | + | < |
- | Kernel IP routing table | + | Kernel IP routing table |
- | Destination | + | Destination |
- | 0.0.0.0 | + | 0.0.0.0 |
- | 127.0.0.1 | + | 127.0.0.1 |
- | 192.168.1.0 | + | 192.168.1.0 |
The ' | The ' | ||
Line 124: | Line 160: | ||
Import and load // | Import and load // | ||
- | | + | sce-import -o smbclient |
- | sce-load smbclient | + | sce-load smbclient |
Use smbclient to list available router shares, use the router' | Use smbclient to list available router shares, use the router' | ||
- | | + | smbclient -L 192.168.1.254 |
- | < | + | < |
- | tc@box:~$ smbclient -L 192.168.1.254 | + | |
smbclient: Can't load / | smbclient: Can't load / | ||
Enter tc's password: | Enter tc's password: | ||
Line 149: | Line 184: | ||
Workgroup | Workgroup | ||
--------- | --------- | ||
- | JUNK TELUS | + | JUNK |
- | </ | + | |
In the example above, the server is ' | In the example above, the server is ' | ||
Connect to the USB storage device. Note double slashes used as escapes, no capitalization required, simply press Enter at ' | Connect to the USB storage device. Note double slashes used as escapes, no capitalization required, simply press Enter at ' | ||
- | smbclient \\\\telus\\a | ||
- | < | + | smbclient \\\\telus\\a |
- | tc@box:~$ smbclient \\\\telus\\a | + | |
+ | < | ||
smbclient: Can't load / | smbclient: Can't load / | ||
Enter tc's password: | Enter tc's password: | ||
Line 169: | Line 203: | ||
Basic usage: | Basic usage: | ||
- | *Enter '?' | + | |
- | *To list files use ' | + | |
- | *To place files use ' | + | To list files use ' |
- | *To retrieve files use ' | + | To place files use ' |
- | *To exit use ' | + | To retrieve files use ' |
+ | To exit use ' | ||
< | < | ||
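Review bot: The Basic usage items lose their `*` list markers on the new side (`*To list files use` becomes `To list files use`), so they will no longer render as a bulleted list. Keep DokuWiki list syntax (two leading spaces, then `* `) for these five items so each smbclient command stays on its own line.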
Line 185: | Line 220: | ||
hp7610_quick_guide | hp7610_quick_guide | ||
- | 15713248 blocks of size 1024. 15667168 blocks available | + | 15713248 blocks of size 1024. 15667168 blocks available</ |
- | </ | + | |
+ | ===== SSH ===== | ||
+ | The OpenSSH-server package does not run “out of the box” because the SSH-keys must be created manually once and then included in ' | ||
+ | |||
+ | ==== Preparations ==== | ||
+ | - After loading the extension for the first time, issue sudo ssh-keygen -A in order to have the necessary keys generated. This will populate '/ | ||
+ | - Set a password for user “tc” by sudo passwd tc. The traditional password is “tcuser”. | ||
+ | - Add “etc/ | ||
+ | |||
+ | In principal it should not be necessary to set a password as there is the option PermitEmptyPasswords in '/ | ||
+ | |||
+ | ==== Running ==== | ||
+ | Start the server via sudo / | ||
+ | |||
+ | |||
+ | ===== NFS Client ===== | ||
+ | NFS client is supported by the busybox mount command. You need to specify it specifically to use it. A simple setup might be. | ||
+ | < | ||
+ | tc@box:~$ sudo busybox mount -o nolock <ip address or domain name>:/ | ||
+ | |||
+ | You will need to use the proper NFS path the server is using. | ||
+ | |||
+ | **[[dcore: | ||
- | **[[http:// |
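Review bot: Step 2 of the new SSH Preparations list tells the reader to set a password for `tc` and then names the traditional one, "tcuser"; on a host that is about to run sshd, the text should tell the reader to choose a unique password (or set up key-based login) rather than print a widely known default next to the `passwd` command. The paragraph that follows mentions PermitEmptyPasswords as an alternative and deserves the same caution, and "In principal" there should be "In principle".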