At this point I get off the server, meaning I disconnect the monitor and keyboard. But first, remember to configure the BIOS to ignore keyboard errors, which is important for unattended operation! I wait to “unhook” until at least the updates are done and I have tested the static IP. If you are setting up a firewall, it is best to do that sitting at the machine as well, because a mistake in the firewall setup can lock you out of connecting remotely with SSH! The firewall, set via iptables, can block or allow access to incoming or outgoing ports by passing or dropping packets. It can be configured with tools such as ufw (Uncomplicated Firewall) to let certain services through. IP addresses and ranges can be blocked or allowed as well. This can get complicated in a hurry. More on this later.
If you are accessing the machine remotely using Windows, you will need PuTTY. Check out this guide: http://www.havetheknowhow.com/Configure-the-server/Install-Putty.html
Logging onto the machine remotely from Linux is done at the command prompt using either of these…
ssh machines-name
ssh machines-ip-address
From Windows, fire up PuTTY and put the machines-name or machines-ip-address in the appropriate spot. You will be presented with a CLI (Command Line Interface) prompting for a password on connection.
If the machines-name form doesn’t work, then the name is not mapping to the IP address locally; it is a DNS thing in this case. You can just go ahead and use the machine’s IP, which you should have configured as static previously.
With both Windows and Linux you will get a warning the first time you SSH into the server. The warning has to do with not trusting the server’s RSA key, which makes sense, given that it is the first time the connection is being made. The machines don’t know each other, so just enter yes and your client will remember the server’s key, so that in the future you won’t be presented with this question.
With SSH you can continue with the configuration of the machine remotely. The next item on the list is Samba. If you are configuring remotely at a Windows machine, it is easy to see whether you are configuring Samba correctly. It can be tricky to get working. Searching online, I found a lot of posts from folks struggling to get Samba to work.
Getting it to the outside world
So far all of this operation has occurred on the LAN. What if you want to make a website, or any other port, reachable from the outside world?
For me, I went into my router via its web config page and opened up port 80 to the outside world by forwarding the port, connecting the forwarded port to the local IP address of the server. I did the same with port 22 for SSH. If you run Webmin you can forward port 10000 for Webmin. Now I could navigate to my external IP and see the web page of the web server from anywhere. Initially I made port 8080 available so that I could log in to the router as well, but then I decided against it. I figure, why open more ports than you need? Keep it simple. How many times will I actually need to get to the router? It’s mostly set it and forget it. The inexpensive Netgear N150 router has worked reliably and has near perfect up-time so far.
Noip for a Static Address
Install noip2. Not sure, my notes aren’t clear, but I think I had to compile and install it after it didn’t work via sudo apt-get install noip2. This is dynamic DNS support for the URL. The noip2 program runs at startup and periodically reports the IP address of my ISP to the noip headquarters, I suppose, so the URL I picked out goes to my server. Otherwise I would have to go to the actual IP address and then find out what it is when it changes. This seems like a pain if you have to do it remotely, even while experimenting initially. Luckily my ISP does not change my address very often, so this step for me is optional. I did run noip with my last server. I may run it for this one at some point. But the IP address stays the same for months, so it is not a pain, even if I wanted to point to it with a name. I could even do something clever like send myself an email when it changes.
Router support for noip or dyn-DNS
A new firmware upgrade for my router has added support for noip, so now it would be possible to do this from the router itself. I haven’t investigated yet, but check yours; it may be possible to use noip or dyn-DNS right from the router end and not have to mess with the server at all.
Beware of opening ports
Having things like SSH and FTP, ports 22 and 21 respectively, open to the outside world can invite trouble. If I leave them open, my router logs routinely show attempts to access the SSH port by various IPs, which trace to foreign countries, China mostly. I don’t leave FTP open at all and am keeping SSH off as well until I can firewall this server. For now, accessing SSH and FTP from the LAN is good enough. Ideally I want to modify iptables to allow only trusted IP addresses into SSH and, for the rest, drop the packets as they arrive.
These attempts I see in the router log probably try to hit the username and password with a bunch of guesses or try to look for obvious ones. These cyber-criminals are trying to jack into your machine and do whatever damage they can to the web. So be cautious.
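The iptables arrangement described above (trusted addresses into SSH, everything else dropped), written so that the lock-out mistake mentioned earlier is harder to make. This is an added example, not the author's configuration; the function names are hypothetical and the addresses are constructed documentation ranges. It only prints the rules for review and changes nothing.

```sh
#!/bin/sh
# Added example. Sources below are constructed (RFC 5737 documentation ranges).

# Succeeds when $1 is an IPv4 address with an optional /0-32 prefix.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*|*/*/*|*.|*./*) return 1 ;; esac
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*.*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print iptables commands in the order they must be applied. Prints nothing and
# returns 1 on any bad input, so a typo never produces a partial ruleset.
ssh_allowlist_rules() {
    [ $# -ge 2 ] || { echo "need a port and at least one source" >&2; return 1; }
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    rule="iptables -A INPUT -p tcp --dport $port"
    # Keep already-open sessions alive so applying this does not cut you off.
    echo "$rule -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "$rule -s $src -j ACCEPT"
    done
    echo "$rule -j DROP"              # everything else: drop on arrival
}

# Review the printed rules before running them as root at the console.
ssh_allowlist_rules 22 192.0.2.10 198.51.100.0/24
```

The rules are appended with -A, so an ACCEPT for the same port that already sits earlier in the INPUT chain would still win; check the existing chain with iptables -L INPUT -n --line-numbers first.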
Next do some file sharing with Windows machines using Samba…