A router controls network traffic: It allows computers on a private network to talk to each other, as well as to outside networks such as the Internet. The router also enables several computers to share a single Internet connection, and can redirect incoming requests to specific machines (for example, redirecting Web requests to a dedicated web server).
A firewall is a set of rules applied by the router that restricts traffic between networks. It protects computers on the local network by blocking unwanted connections to and from the Internet, and it can also restrict traffic within the local network, for example to isolate machines that hold highly sensitive data.
The router and firewall services are provided by the Linux kernel's Netfilter framework and the iptables tool.
A webserver allows one to publish websites from a local machine, avoiding costly hosting fees and the hassles of remote administration. At the core is the Apache Web Server, currently the most widely-used webserver on the Internet. Apache alone is sufficient for most websites, and for those that require additional functionality there are several additional web services that can be integrated. Some of these are:
The Courier Mail Server provides an integrated solution for all email services, including:
The ISC DHCP Server provides a convenient method for adding new machines to the network: Once it is configured, adding new machines is as simple as plugging in the network cable; or in the case of wireless, simply turning the computer on.
A name server is the software that translates domain names (e.g. www.example.com) into the numerical IP addresses used to reach computers on the Internet. It is common practice to rely on the ISP's name servers, but this is somewhat fragile: when those servers go down, external Internet sites become very difficult to reach even though the Internet connection itself is working fine. Running a local name server offers a layer of protection against such third-party failures, since it resolves names itself and caches the answers. It should answer recursive queries only for machines on the local network; a name server that recurses for the whole Internet can be abused by third parties.
A second benefit of running a local name server is that it can be pointed at an alternative DNS root, giving access to top-level domains (for example .geek, .tibet and .oss) that are not part of the standard root used by ISP name servers. Sites such as http://www.thunk.geek, http://free.tibet, and http://www.jedit.oss are reachable only from clients whose resolver knows about the alternative root, so they are invisible to users of a standard ISP name server.
The name server used is the popular ISC BIND.
By installing a wireless network card in the machine, it can be configured as an access point for a complete wireless network. Off-the-shelf wireless access points can cost hundreds of dollars, and they usually provide very limited functionality compared to server-based software. A wireless network card will cost less than $100, and will allow a local wireless network to be seamlessly integrated with an existing traditional network.
Wireless services are provided by the Linux kernel and the linux-wlan Project.
A proxy cache is a piece of software that can significantly increase Internet access speeds, especially on networks with slow Internet connections and/or several users. It does this by storing copies of the files requested from websites on the local server, so that the next time the same file is requested it is served from the local network instead of being retrieved again from the Internet. It can be configured either to log web requests (e.g. for auditing purposes) or to keep no record at all of who requested what; if logging is enabled, the logs themselves contain browsing histories and should be protected accordingly.
The software that performs this service is the Squid Web Proxy Cache.
Running an FTP server is an older technique for making files on the local network available on the Internet, and is gradually being replaced by the Web for this purpose. Running an FTP server is still useful for some internal network purposes, however, such as transferring files between a website development machine and the web server. FTP is one of the most popular methods for transferring files between Microsoft Windows machines and Unix/Linux servers. Note that plain FTP sends usernames, passwords and file contents unencrypted, so it is best confined to the internal network; transfers that cross the Internet should use an encrypted channel such as rsync over SSH.
The default FTP server is ProFTPd.
Rsync is a powerful method for transferring files to and from the server. When files are transferred between machines using rsync, only the differences are transferred. For example, if a file is transferred to the server, then a few minor changes are made, then it is re-transferred, rsync will not transfer the entire file the second time: instead, it transfers only the parts that have changed. When making small changes to several large documents, this can significantly reduce the load on the network, and makes file synchronization much faster. Rsync can also be run over SSH, which encrypts the transfer (rsync itself does not encrypt); this is useful if sensitive data is being transferred over a public network (e.g. the Internet).
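To make the "only the differences are transferred" claim concrete, here is an added example (written for this page, not rsync's own code) of the block-matching algorithm rsync uses: the receiver publishes a weak rolling checksum and a strong hash for each fixed-size block of the copy it already has; the sender slides a one-byte-at-a-time window over the new file, checks the cheap rolling checksum first and confirms with the strong hash, and sends only block references plus the bytes that matched nothing. The 16-byte block size, the sha256 strong hash (rsync uses MD4/MD5) and the sample files are assumptions for the demo.

```python
"""Simplified rsync-style delta transfer (added example, not rsync's code)."""
import hashlib

BLOCK = 16          # demo block size; real rsync uses hundreds of bytes or more
MOD = 1 << 16


def weak_parts(data: bytes):
    """The two halves (a, b) of the Adler-32-style rolling checksum."""
    a = sum(data) % MOD
    b = sum((len(data) - i) * c for i, c in enumerate(data)) % MOD
    return a, b


def roll(a: int, b: int, out_byte: int, in_byte: int, n: int):
    """Slide an n-byte window one byte forward in O(1) instead of rehashing."""
    a = (a - out_byte + in_byte) % MOD
    b = (b - n * out_byte + a) % MOD
    return a, b


def strong(data: bytes) -> bytes:
    # rsync uses MD4/MD5 here; the hash only needs to distinguish blocks.
    return hashlib.sha256(data).digest()


def make_signature(old: bytes) -> dict:
    """Receiver side: {weak -> {strong -> block index}} for every full block."""
    sig = {}
    for k in range(len(old) // BLOCK):
        blk = old[k * BLOCK:(k + 1) * BLOCK]
        a, b = weak_parts(blk)
        sig.setdefault((b << 16) | a, {})[strong(blk)] = k
    return sig


def make_delta(new: bytes, sig: dict) -> list:
    """Sender side: a list of ('blk', index) and ('lit', bytes) instructions."""
    delta, literal = [], bytearray()
    n, i = len(new), 0
    a = b = 0
    if n >= BLOCK:
        a, b = weak_parts(new[:BLOCK])
    while i + BLOCK <= n:
        candidates = sig.get((b << 16) | a)      # cheap check first
        if candidates is not None:
            h = strong(new[i:i + BLOCK])          # confirm with the strong hash
            if h in candidates:
                if literal:
                    delta.append(("lit", bytes(literal)))
                    literal = bytearray()
                delta.append(("blk", candidates[h]))
                i += BLOCK
                if i + BLOCK <= n:                # restart the window after a match
                    a, b = weak_parts(new[i:i + BLOCK])
                continue
        literal.append(new[i])                    # no match: this byte must be sent
        if i + BLOCK < n:
            a, b = roll(a, b, new[i], new[i + BLOCK], BLOCK)
        i += 1
    literal += new[i:]                            # trailing partial block
    if literal:
        delta.append(("lit", bytes(literal)))
    return delta


def apply_delta(old: bytes, delta: list) -> bytes:
    """Receiver side: rebuild the new file from the old copy plus the delta."""
    out = bytearray()
    for kind, val in delta:
        out += old[val * BLOCK:(val + 1) * BLOCK] if kind == "blk" else val
    return bytes(out)


def delta_stats(delta: list):
    """(block references, literal bytes) -- what actually crosses the wire."""
    refs = sum(1 for kind, _ in delta if kind == "blk")
    lits = sum(len(val) for kind, val in delta if kind == "lit")
    return refs, lits


# Constructed sample: 250 distinct bytes, then a 3-byte insertion at offset 100.
OLD = bytes((i * 7919) % 251 for i in range(250))
NEW = OLD[:100] + b"XYZ" + OLD[100:]

if __name__ == "__main__":
    delta = make_delta(NEW, make_signature(OLD))
    assert apply_delta(OLD, delta) == NEW
    print("block refs, literal bytes:", delta_stats(delta), "of", len(NEW), "bytes")
```

For the sample above the sender ships 14 block references and 29 literal bytes instead of the whole 253-byte file; the insertion only costs the one block it straddles plus the unmatched tail. Note that the checksums serve matching, not authentication: they do not protect the data from a party who can tamper with the connection, which is why the transfer should run over SSH when it crosses an untrusted network.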
An IRC (Internet Relay Chat) server provides a local real-time communication channel, similar to software such as AOL Instant Messenger or Microsoft NetMeeting. It allows for both public and private channels, supports encrypted connections, and can log conversations automatically. The IRC software is provided by IRCD-Hybrid.
The industrial-strength PostgreSQL database is available for those with complex data storage and manipulation requirements. PostgreSQL is a free alternative to high-cost products such as Oracle and SQL Server, making it ideal for small to mid-sized organizations. And, in the unlikely event that one's needs outgrow PostgreSQL, the data can be easily exported to other databases.
SSL encryption makes it possible to encrypt all communication between clients and the server. This protects remote access against eavesdropping and tampering in transit, even when the underlying network is inherently insecure (e.g. wireless networks and the Internet). It does not by itself protect the endpoints or replace proper authentication, so it is a complement to, not a substitute for, the firewall and access controls described above.
NTP (Network Time Protocol) keeps the system clock correct, typically to within a few milliseconds on a local network. The hardware clocks in computers are notoriously unreliable, often drifting by several seconds each day. Over the course of a year, or even a month, the cumulative effect of this can cause data timestamps on the machine (including log entries, which is what makes them useful as evidence) to contain significant errors. NTP solves this problem, without any administrative effort once configured, by regularly polling remote NTP servers, thus keeping the system clock in sync with reference clocks around the world. Furthermore, by running the NTP software the local server itself may then be used to synchronize clocks on other machines on the internal network.
Remote administration options are very flexible and powerful: there is nothing on the system that cannot be done from anywhere in the world if the need arises. Many people opt to administer the server completely remotely, to the point where a monitor, keyboard, and mouse are not even hooked up to it. When carried out over an SSL-encrypted connection, remote administration is the most convenient and secure way to perform system maintenance; the administrative services should be reachable only over such a channel and, where possible, only from trusted addresses.
A journaled filesystem (ReiserFS) provides fast crash recovery in the event of a system failure or power outage. Systems that must perform a complete disk check after an unclean shutdown can take an hour or more to recover on a machine with large hard drives, whereas a journaled filesystem allows the same machine to recover in seconds. ReiserFS has the additional benefit of being significantly faster than traditional filesystems for many server workloads, particularly those involving large numbers of small files.
Unlike the add-on backup solutions used by most systems, backing up one's data was a key consideration in the system design. As a result, data backups are network transparent, require little administrative effort, and offer fast, reliable data recovery. The system automatically backs up only what is absolutely necessary, and transfers the backup data to remote machines without any user intervention. By contrast, tape-based backup solutions are costly, require constant maintenance, and still do not protect against large-scale catastrophes such as fire, flood, or earthquake unless extra effort is made to store the tapes offsite (which also means that the backup tapes are never around when you need them).
Michael Carmack (karmak@karmak.org)