First dip into a home server/firewall.

Bop

For a while now I've been interested in adding a Linux based server into my home network but my limited knowledge in the area is a problem. Google searches seem to bring me to guides dated from years ago, so I would like to find the more current state of things. They usually don't answer all my questions either.

I know it's generally not a good idea to have a multi-purpose machine at least without VMs, but I don't want to have two servers in my small apartment and I don't think whatever I get on my budget would be sufficient for VMs. I'm looking to accomplish these tasks:

1. Back up data from my Windows 7 based PC
2. Host files (media) to share on my home network.
3. Serve as a hardware firewall.
4. Potentially host files on the internet so I can access certain files from anywhere.
5. Act as a print server.
6. Host a Minecraft server for my friends and I. :)

From what info I've gathered I'm thinking about using Ubuntu Server. As for hardware I was thinking of using:

Intel i3-530 (or Athlon 240e)
2x2GB DDR3 1333 RAM
Intel BOXDH55TC Motherboard
2-4x WD Caviar Green WD10EARS 1TB
2x Intel Gigabit CT PCI-e Ethernet cards
Antec Mini P180 (must be small & quiet!)


My main questions are:

1. Is it feasible to do all of these tasks?

2. To use it as a firewall/router/fileserver how should I connect it to my network?
ex: Modem->Server->D-Link router-> PCs?

3. How should I arrange the HDDs? I was thinking one small one for the OS, a 2x1TB RAID1 array for the backup/home fileserver, and possibly another small one for the ftp.
 
It's a very bad idea to have your firewall and internal server on the same computer sharing the OS/hardware. If it's compromised, your data could be lost or stolen. Not a big deal if you're simply using the server to store mp3s and such, but if you plan to back up personal data on that server I would advise you to get a standalone firewall.

I'm using this for my firewall. With an older 80GB SATA drive it uses just a tad under 30 watts. With no HDD it uses a tad over 20 watts.

If you'd want the board alone here it is:
http://www.newegg.com/Product/Produ...m_re=intel_atom_server-_-13-182-234-_-Product
I like this board because it has dual intel gigabit nics built right in. However, be careful choosing memory for it though as it seems to be picky.

This server/board works very well with Untangle. Though I haven't personally tried it, I'm pretty sure PFSense will also work well with it. Smoothwall is another great one.
Actually, if you have an older computer kicking around you could easily throw PFSense or Smoothwall on it, throw a couple of Intel 10/100 NICs in it and save the money to put towards a good hardware RAID controller for your server.
 
I used this Supermicro case..what I like about the specific case that I found was..it has front I/O ports. Works better for a rack.

Supermicro 1U case, $89.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16811152107

Supermicro Atom D510 board with dual Intel gigabit and IPMI remote module, $219.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182238

Seagate Pipeline drive, designed for extra quiet, extra low power, extra low noise, 24x7 running in tight spaces like DVRs. It's an ideal drive for firewall appliances. $49.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16822148556


For an OS I recommend you look at ClearOS.
 
I used this Supermicro case..what I like about the specific case that I found was..it has front I/O ports. Works better for a rack.

Supermicro 1U case, $89.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16811152107

Supermicro Atom D510 board with dual Intel gigabit and IPMI remote module, $219.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182238

Seagate Pipeline drive, designed for extra quiet, extra low power, extra low noise, 24x7 running in tight spaces like DVRs. It's an ideal drive for firewall appliances. $49.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16822148556


For an OS I recommend you look at ClearOS.

Ye, that board seems to be identical to the one that I recommended except that one is a little bigger (and $20 more)
http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE.cfm?typ=H&IPMI=Y
http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPA.cfm?typ=H&IPMI=Y
Unless I'm missing something really small :confused:
 
Heh...I dunno, I'm missing it too. 1 extra inch in size, 20 bucks. Was going to quickly say the extra 20 was for the IPMI remote management option; there is a similar mobo to mine without it..about 30 bucks less I think. But I dunno what the difference 'tween mine and yours is..except mine's bigger! :D
 
This increases the cost by a third, but since it'll be such a long term investment I'll definitely consider it.

For the firewall, based on all your input, I'm thinking:

SUPERMICRO MBD-X7SPA-H-O
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182233

1GB RAM

As for an enclosure I do not have a rack mount so I'd need a small floor standing case:
Silverstone Sugo SG05-B
http://www.newegg.com/Product/Product.aspx?Item=N82E16811163149

Would an i3 be overkill for a fileserver? I'd like to save costs anywhere I can, but I am unsure I could host a server for Minecraft if I downgrade.
 
That's a pretty cool case....I may snag one of those for when I rebuild a little efficient desktop PC for the wife.

What kind of typical file storage use are you talking about? It's your budget. IMO Atoms are fine for home file storage. Years ago I was always about overkill, now I'm done with that, tired of 800 dollar a month electrical bills, I'm going power efficient wherever I can now.
 
Another great thread, what firewall software are you planning to run? Untangle or something else?

I am with the others on keeping the firewall separate too!
 
I only need about 1TB for a weekly backup (2x1TB RAID1). I'd go for an Atom if it wasn't going to be a game server as well. I've heard that Minecraft doesn't appear to use multiple cores efficiently (so I need something with a fast clock speed) and that it is a memory hog so I'd like headroom for up to 8GB. I plan to host 4-6 clients. I'm not sure if I'd need a fast main HDD for such an application.

I may actually build the firewall later and continue using my D-Link DGL-4300 until I can more easily afford one. I'll still research software in the meantime since I pretty much know what hardware I'll get. The server is more important to me right now though.
 
Might want to still chase down those Supermicro 1U setups, just get a motherboard that supports the Pentium D...to keep down the cost and power consumption. I'm not familiar with Minecraft, mebbe I'll Google it later. I have quite a bit of experience building public gaming servers..for the more FPS type...Quake series, Unreal series, Battlefield series, etc.

What's your upload speeds?
 
Upload speed is 1 Mb/s.

I thought the i3 would be a good balance after reading this article:

http://www.tomshardware.com/reviews/d510mo-intel-atom,2616-11.html

They have similar idle power consumption but I'll have the performance available if I need it. The CPU and motherboard cost $210 together vs. $165 for the Supermicro board/CPU.

EDIT: I've been thinking about how to partition whatever I'm going to get. I'd like to use a spare WD640GB I have for the OS/Game Server/ and ftp/media file server and 2x1TBs for pure backup. Should I partition the first drive(WD640GB) in such a way that I have 20GB for the OS, 20GB for the game server files, and 600GB for the file server?
 
If you want to consolidate your file server and firewall into one box I'm pretty sure your options are ClearOS and eBox. ClearOS is pretty neat, full firewall, VPN and web security features with file sharing, backups, web server, ftp server, etc. eBox is similar, I tried it once and didn't really like it.

At home I run a small 1U appliance for my firewall running Astaro Home. Then I have a Windows Home Server with 2x72GB Raptors for the OS and 4x 750GB for data. This keeps my firewall and home server separate and I get the great features of WHS. You can have automatic whole system backups done nightly, share all your media on your LAN and also access them from a web interface when remote.
 
At home I run a small 1U appliance for my firewall running Astaro Home. Then I have a Windows Home Server with 2x72GB Raptors for the OS and 4x 750GB for data. This keeps my firewall and home server separate and I get the great features of WHS. You can have automatic whole system backups done nightly, share all your media on your LAN and also access them from a web interface when remote.

YES YES! Astaro :) I took it one step tho, I actually bought the Astaro 220 unit lol! I KNOW I KNOW overkill! But she is so pretty! AND orange!
 
What everyone said here about fileserver/router separation is wrong... sort of. You shouldn't keep them in the same "instance"/VM. You can use VMWare ESXi on that machine just fine to separate a router using multiple vSwitches and such. The thing is, though, that your disk performance will suffer through a VM without having a separate HD controller and IOMMU for the fileserver.
 
well, then just buy an Atom board that has Intel NICs built in...

Atom boards with dual intel nics built-in cost double what this board costs, and you can pick up a dually pro-100 intel nic on ebay for less than $20.

Also, yeoldestonecat mentioned awhile back that he was thinking about waiting for these D525 boards to come out for his home untangle build, but instead pulled the trigger on the Supermicro D510 board. Now that it's out, I was hoping he would comment on them :)

I was hoping for some insights on the benefits of a "server" board from supermicro, vs. this one, especially considering the big price difference. As well as some thoughts on whether gigabit nics like the supermicro sports have any benefit vs. something like this (I'm thinking not, for a home edge device)
 
What everyone said here about fileserver/router separation is wrong... sort of. You shouldn't keep them in the same "instance"/VM. You can use VMWare ESXi on that machine just fine to separate a router using multiple vSwitches and such. The thing is, though, that your disk performance will suffer through a VM without having a separate HD controller and IOMMU for the fileserver.

so what do you do if your vm box goes down ? tell everyone that is using it to surf through it that is down because you decided to cut some$$ and build it all into one box ?

WRONG IDEA!

Keep your firewall on a separate machine, don't rely on EVERYTHING in one box, not worth it.

I agree with Captian, buy a board with dual intel NICS, and be done with it :) they are worth the money.
 
so what do you do if your vm box goes down ? tell everyone that is using it to surf through it that is down because you decided to cut some$$ and build it all into one box ?

WRONG IDEA!

Keep your firewall on a separate machine, don't rely on EVERYTHING in one box, not worth it.

I agree with Captian, buy a board with dual intel NICS, and be done with it :) they are worth the money.

Uhh, what? Tell that to all of the companies out there doing virtual machines... Besides, the risk is greater that one of two boxes will fail than the risk that one of one box will fail.

If you're talking about being compromised then it's just the firewall/router VM that would get compromised. It wouldn't bring ESXi down.

I think you should lurk and read for a while before you continue to post. You might learn something.
 
Uhh, what? Tell that to all of the companies out there doing virtual machines... Besides, the risk is greater that one of two boxes will fail than the risk that one of one box will fail.

If you're talking about being compromised then it's just the firewall/router VM that would get compromised. It wouldn't bring ESXi down.

I think you should lurk and read for a while before you continue to post. You might learn something.

I'm not talking about it being compromised, it can be hacked fucked with in a VM or on its own.

I'm talking about the hardware failing, having the one machine that has all the VMs on it doing everything in one box, if that failed everything fails, I find it really hard to believe that companies invest their whole firewall / server into one unit.

Firewall/router should be separate. That way if the server dies then at least traffic can go in and out of the building.
 
I don't like virtualizing an edge device, there already have been exploits against VMware, and since it's increasing in popularity..there will be much more attention focused on exploiting it as time goes on. And I'm talking about getting in through VMware and those virtual NICs and the whole VMware shell, not by exploiting the firewall VM. VMware is software that ties all those NICs..even physical NICs...together. That's the part I'm not comfy with.
 
What everyone said here about fileserver/router separation is wrong... sort of. You shouldn't keep them in the same "instance"/VM. You can use VMWare ESXi on that machine just fine to separate a router using multiple vSwitches and such. The thing is, though, that your disk performance will suffer through a VM without having a separate HD controller and IOMMU for the fileserver.

What horrible, horrible advice, I'm puzzled if you are even in the tech field let alone talking about security advice. Have you been in a cave?

You should always physically separate internal and external facing components. In a recent Blackhat they demoed moving from VM to VM by exploitation. Physical separation for certain things is the way to go.

VMware had been more immune in the past years but is now facing the same issues that most software is today. There is nothing new about being able to hack the core and/or backplane, it just took them a while with VMware which is even then software. There have been some reports of backplane hacking on blade servers which is so much more extreme than VM to VM.

Someone, somewhere, always finds a way around, physical separation outside of social engineering is almost impossible to beat. I believe strongly in a physical separation from internal to external devices, even so far as disabling serial ports on outward facing firewalls as modern botnets can target/control serial consoles (which are some of the most unsecure devices).

Just be careful what you do, you can never be too careful in these types of things.

Just for a background I've built about 6 datacenters 3 from the ground up mostly, have been a CISO and now work as a compliance and security analyst for one of the top world companies specializing in those fields as well as including FIM. Not tooting my horn, just giving background.

No one is perfect but doing an esxi VM environment that contains security devices as well as internally facing servers is just completely retarded. It's literally like security 101.
 
What horrible, horrible advice, I'm puzzled if you are even in the tech field let alone talking about security advice. Have you been in a cave?

No one is perfect but doing an esxi VM environment that contains security devices as well as internally facing servers is just completely retarded. It's literally like security 101.


My points exactly :) Thanks for writing that :):D
 
Sorry guys but you've all got a screw loose. This is for a home server. What I mentioned is still going to be considerably more secure than a Windows Firewall. The guy doesn't need to buy umpteen servers to satisfy your corporate security requirements. If he wants to then fine, but get real. Seriously.

And dashpuppy, stop providing crappy arguments and then jumping in with people that actually give good arguments.
 
Sorry guys but you've all got a screw loose. This is for a home server. What I mentioned is still going to be considerably more secure than a Windows Firewall. The guy doesn't need to buy umpteen servers to satisfy your corporate security requirements. If he wants to then fine, but get real. Seriously.

And dashpuppy, stop providing crappy arguments and then jumping in with people that actually give good arguments.

Stop giving your crappy useless advice then!



Home server or not, leave your firewall out of a vm / running on same machine.

THEY SHOULD BE SEPARATED!
 
What I mentioned is still going to be considerably more secure than a Windows Firewall.

Who was suggesting the Windows Firewall as the security to lock down the RED NIC or as the Edge Device?

We're talking about a physically separate box, 2x NICs..or hell even just a stinksys, dstink, or nutgear router.....WAN and LAN..2 physically unique and separated NICs on a separated appliance, as the edge device between WAN and LAN.

I don't think anyone suggested taking a Windows box with 2x NICs...plugging one NIC into the cable/dsl/atm bridge...taking an IP address, and using the Windows ICS or whatever to protect the LAN.

Yeah, it's a home network, not Ft Knox..but YOU asked for rebuttals as to VMWare and security and an edge device sharing a physical box with VMs....with software tying together all those NICs.
 
No, no. We're talking home security and my point is that what I mentioned will be lightyears ahead of what most home users have and don't have issues with. When did I ever recommend such a configuration to corporate users? What I am recommending is appropriate for his situation. Never did I say it was appropriate in all cases.

If you want to treat your own home like "Ft Knox" then that's your decision but the guy specifically said he doesn't want to buy more servers, so I gave him a pretty secure way of not having to. It's not the most secure way in the world, no. But, face it, he's not going to have a problem.
 
Sorry guys but you've all got a screw loose. This is for a home server. What I mentioned is still going to be considerably more secure than a Windows Firewall. The guy doesn't need to buy umpteen servers to satisfy your corporate security requirements. If he wants to then fine, but get real. Seriously.

And dashpuppy, stop providing crappy arguments and then jumping in with people that actually give good arguments.

It might well be a home server, but it doesn't change the fact that even in a home environment best practices should be used if at all possible. Since the OP wanted to do a ground up setup we are suggesting what would be best.

And why are you making it sound like we are suggesting a whole rack of servers? We are only suggesting that he separate the firewall from his file/game server. One extra computer isn't a big deal. I also suggested using an older computer and repurposing it with Smoothwall or pfSense. Add a couple of 10/100 Intel network cards and you have yourself a kickass home firewall.
 
You want him to spend a couple/few hundred more on another PC when he will not have a problem with ESXi.
 
You want him to spend a couple/few hundred more on another PC when he will not have a problem with ESXi.

At first glance it does kinda look like that, however reread post #2. See the bottom of the post? If he has an older computer he could easily save the coin and use even an old PII as a firewall box. Again, so long as Intel NICs are used.

ESXi is cool and all, but again, not a good idea to use on an edge computer, even at home.
 