This is an old revision of the document!
Table of Contents
dCore Server & Networking
Overview
dCore may be used as a basic, lightweight home server. A text only server would require <64mb RAM (~42mb) at boot. It can utilize an existing swap partition, if already present. Otherwise create either a swap file or partition as needed. Although a live boot requires only ~20mb drive space (CD, DVD, USB, hard drive), a frugal text only installation (persistent hard drive install) likely requires ~100-200mb drive space, even after installing desired server and networking extensions. The Tiny Core base system, dCore components and server tools can all be managed from command line, no need to install Xorg/graphics.
At a TTY/terminal or terminal emulator, entering 'busybox' or 'busybox –list' outputs all available BusyBox commands. Tab auto-completion is supported. Pressing the Tab key twice lists all current system executables. After loading exensions, these additional executables will also become available. In a TTY or non-scrolling terminal, use Shift-PageUp and PageDown keys to scroll. Running 'executable_name –help' (two dashes) provides basic help and usage information for most commands.
iptables
Basic dCore iptables setup guide for desktop use. Modify for special need, networking, server or preference. Many ways to accomplish this in dCore, iptables has numerous configuration options. Run iptables –help for usage information. This method was tested in dCore-jessie.
Numerous tutorials online, useful references:
The following rules are based on #7.1 - Only Block Incoming Traffic:
Designed to drop all incoming/forwarded packets, allow outgoing traffic.
With this basic configuration ping, wget and browsing all work.
Basic iptables setup:
Confirm kernel version:
uname -r
Install iptables and netfilter onboot:
sce-import -b iptables sce-import -b netfilter-<your_kernel_version>-tinycore
Load these extensions or reboot:
sce-load iptables sce-load netfilter-<your_kernel_version>-tinycore
Check iptables status:
sudo iptables -L -v
Lock down INPUT and FORWARD networking, disregard OUTPUT (user initiated traffic):
sudo iptables --policy INPUT DROP sudo iptables --policy FORWARD DROP
Recheck status:
sudo iptables -L -v
Attempt to access internet, ping domain, network (should fail, that's good!)
ping -c3 www.google.com
Set up special rules, this allows INPUT for user initiated requests (eg. web browser):
sudo iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
Save configuration state (only appeared to work in /home or /opt):
sudo /sbin/iptables-save > /home/tc/iptables-rules
Append this line to /opt/bootlocal.sh so iptables-rules load at boot:
/sbin/iptables-restore < /home/tc/iptables-rules
Backup for persistence:
backup
Reboot system:
sudo reboot
Verify iptables configuration persistence:
sudo iptables -L -v
Repeat process as desired to modify rules
NTFS
For NTFS file system read-write capability utilize the ntfs-3g package.
By default NTFS partitions are mounted read-only (ro), example:
tc@box:~$ cat /etc/fstab | grep sda1 /dev/sda1 /mnt/sda1 ntfs noauto,users,exec,ro,umask=000 0 0 # Added by TC
Prior to using ntfs-3g ensure no NTFS partitions are already mounted read-only, run and confirm:
mount | grep sd
Unmount any NTFS partitions using a method below, first two commands may fail, /dev/sda1 example:
sudo umount /dev/sda1 sudo umount --force /dev/sda1 #if above fails, attempt forced umount sudo reboot #last resort to unmount NTFS partition(s)
Import ntfs-3g preferably to load at boot:
sce-import -b ntfs-3g
Reboot or load:
sce-load ntfs-3g
Mount desired NTFS partition using the ntfs-3g command, example:
sudo ntfs-3g /dev/sda1 /mnt/sda1
The NTFS partition will now be accessible read-write as user 'tc'.
To unmount, reboot or use for example:
sudo umount /dev/sda1
Samba
Samba is a free software re-implementation of the SMB/CIFS networking protocol that provides file and print services for various Microsoft Windows clients. It is useful to connect Linux and Windows systems and access shared storage on most Windows-world ISP-provided routers. Numerous full featured file managers provide built-in network browsing support, such as Caja and PCManFM. Configuration is similar to any other Linux distribution, brief usage outlined below.
Import Samba to load at boot:
sce-import -b samba
Optional install of smbclient, provides useful smbtree command when setting up network:
sce-import -b smbclient
Optional install of gvfs-backends, if not already included in the full-featured file manager of choice, to enable built-in network browsing functionality:
sce-import -b gvfs-backends
Reboot system or manually load above using the dCore sce-load Command:
sce-load samba smbclient gvfs-backends
Copy sample /usr/share/smb.conf file to /etc/samba/:
sudo cp /usr/share/smb.conf /etc/samba/
Modify smb.conf file as desired, typically the trickiest part of setting up a Samba network. It may be easiest to modify an existing smb.conf file from a networked system or web search for sample configurations. Sometimes hardware and router reboots are helpful during initial setup, as well as stopping and restarting Samba between configuration changes.
Run testparm command to check smb.conf utilization and integrity:
testparm
Add smb.conf file to /opt/.filetool.lst:
echo "etc/samba/smb.conf" >> /opt/.filetool.lst
Backup this file before reboot:
backup #or filetool.sh -b
Restart Samba if it was already running before adding custom configuration (top command will show nmbd and smbd running). If starting services manually, nmbd is usually started before smbd. If Samba does not start at boot, add the appropriate startup command(s) to /opt/bootlocal.sh. Useful commands to control Samba:
sudo service samba start sudo service samba stop sudo service samba restart sudo service nmbd start sudo service smbd start sudo service nmbd stop sudo service smbd stop
Confirm Samba network shares:
sudo smbstatus smbtree #if smbclient installed
Temporary disable firewall or ensure the required ports are open for Samba functionality before testing.
smbclient
smbclient is an ftp-like client to access SMB/CIFS resources on servers.
This guide installs and utilizes only smbclient, not the entire Samba suite.
On a multi-system LAN, a USB storage device (ie. USB drive, USB memory stick) connected directly to a DSL router server is a convenient central location to retrieve and share files without seting up peer to peer networking.
This smbclient method provides a command line interface only to 'put' and 'get' files. It is simple to set up and does not require special configuration, such as modifying iptables or /etc/fstab, using a Samba configuration file (smb.conf), creating mount points or adding files to /opt/.filetool.lst.
Most routers are provided by the ISP and security can not be assured. The shared data will become always available, protected solely by the router's firewall. This method should, therefore, only be used to store and share non-sensitive data. It is prudent to review and tighten security and firewall settings from within the router's web interface before proceeding (eg. typical vs minimum security, disable wireless if not used, stronger password).
To determine the router's IP address using built-in tools, run route and route -n, example:
tc@box:~$ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default telus.home 0.0.0.0 UG 0 0 0 eth0 127.0.0.1 * 255.255.255.255 UH 0 0 0 lo 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
tc@box:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
The 'Flags' UG mean 'Gateway' (ie. the router) is 'Up'. From the route command the gateway is telus.home and the route -n command confirms that the gateway's IP address is 192.168.1.254. Different ISPs/routers will use different gateway addresses.
This example uses a D-Link router server, attached 16Gb USB stick, running dCore-jessie.
Most modern routers have USB storage capability, attach USB storage device to back of router.
Using the router's administator name and password, login to router and enable 'Shared Storage'. Review router's 'network overview' or 'services' to confirm 'Shared Storage' or 'File Server' enabled, including the type and size of storage device attached.
Import and load smbclient, OnDemand unless using at every boot:
sce-import -o smbclient sce-load smbclient
Use smbclient to list available router shares, use the router's IP address, example:
smbclient -L 192.168.1.254
tc@box:~$ smbclient -L 192.168.1.254
smbclient: Can't load /etc/samba/smb.conf - run testparm to debug it
Enter tc's password:
dos charset 'CP850' unavailable - using ASCII
Domain=[JUNK] OS=[Unix] Server=[Samba 3.0.28]
Sharename Type Comment
--------- ---- -------
A Disk Generic USB Flash Disk (Rev: 0.00)
IPC$ IPC IPC Service (Telus File Server)
Domain=[JUNK] OS=[Unix] Server=[Samba 3.0.28]
Server Comment
--------- -------
TELUS Telus File Server
Workgroup Master
--------- -------
JUNK TELUS
In the example above, the server is 'TELUS' and USB Flash Disk Sharename is 'A'. Ignore all /etc/samba/smb.conf warnings, a smb.conf file is not required.
Connect to the USB storage device. Note double slashes used as escapes, no capitalization required, simply press Enter at 'tc's password:' prompt if not using a user password. Example:
smbclient \\\\telus\\a
tc@box:~$ smbclient \\\\telus\\a smbclient: Can't load /etc/samba/smb.conf - run testparm to debug it Enter tc's password: dos charset 'CP850' unavailable - using ASCII Domain=[JUNK] OS=[Unix] Server=[Samba 3.0.28] smb: \>
A Samba prompt is now available (smb: \>), successful connection!
Basic usage:
- Enter '?' to view commands.
- To list files use 'ls'.
- To place files use 'put', can only 'put' files from working directory.
- To retrieve files use 'get', files copied to working directory.
- To exit use 'exit'.
smb: \> ls
. D 0 Thu Jul 21 07:15:13 2016
.. D 0 Wed Jan 1 00:00:14 2003
07.22-07.28.pdf A 25548096 Thu Jul 21 06:23:10 2016
home D 0 Wed Jul 13 20:12:48 2016
hp7610_manual A 12074424 Thu Jul 14 20:01:08 2016
hp7610_poster A 1890153 Thu Jul 14 20:00:26 2016
hp7610_quick_guide A 6995973 Thu Jul 14 20:00:02 2016
15713248 blocks of size 1024. 15667168 blocks available
SSH
The OpenSSH-server package does not run “out of the box” because the SSH-keys must be created manually once and then included in 'mydata.tgz'.
Preparations
- After loading the extension for the first time, issue
ssh-keygen -Ain order to have the necessary keys generated. This will populate '/etc/ssh/' with private and public keys. - Add “etc/ssh/” to '/opt/.filetool.lst' and issue
backup.
Running
Start the server via sudo /etc/init.d/ssh start or sudo service ssh start (on Ubuntu).
