500 MHZ PIII + FreeNAS + OpenVPN + m0n0wall = love?
August 21, 2008 10:17 AM
My girlfriend has expanded her theater management business, hired some employees, and wants to have a file server, have a firewall, and have remote access to the office network. Can I do all this with a Dell PowerEdge 500Mhz PIII? If so..
So I'm thinking to install FreeNAS and add m0n0wall and OpenVPN.
The server has:
- 4 17.5 GB 10,000 RPM SCSI discs
- one 8.5GB IDE drive
- an Adaptec AHA-2940U2W SCSI card
- 2 wired NICs; one is 10/100/1000 Mbps and the other is 10/100 Mbps
- 256MB of PC100 ECC RAM
There are 5 full-time users of the network who run:
- one running Windows 2000 on a desktop and XP on a laptop
- one running on an Apple laptop
- one running an XP desktop and an Apple laptop
- two running an XP desktop and XP laptop
There are 2 printers that connect directly to the network. I have some switches and a wireless router I'll run behind this thing. They do most of their work in MS Office & Outlook.
I'll install the OS on the 8.5 GB IDE drive, I'll use the SCSI discs in a RAID 1+0, I guess, and use the gigabit card as the WAN interface and the slower card as the LAN interface.
I've never done anything like this before. This is what I've worked out to do, but please let me know what else to consider and where to revise.
Additionally, how do I limit some of her employees' access to some of the files through a policy rather than a file-by-file chmod or whatever? Also, should I get more RAM?
It sounds like you're all set for gear; you might want to drop in another 256 of ram, but other than that, the hardware should be okay. As JauntyFedora says, your Internet connection won't benefit from the gigabit network card, so you might want to swap them around; chances are, though, your LAN won't benefit either, so it's no big deal.
I'm not sure I would install the OS on a non-redundant drive, since the failure of that drive will render all your data unavailable; you might want to sneak it onto the RAID too. Also, I wouldn't try to combine two appliance OS distributions like FreeNAS and m0n0wall, especially if you're new to both - they aren't meant to run together and the integration would be extremely tricky. What about something like ClarkConnect, a Linux distribution designed as an "only server" for small businesses? That would take care of firewall, VPN, file serving, and whatever else you might need. I've never tried it myself, but I've heard good things.
posted by pocams at 10:55 AM on August 21, 2008
One other piece of advice - pick up and test an identical replacement SCSI card right away. I've had RAID cards (even good ones like Adaptec) fail as often as SCSI drives, and it's really hard to recover your array if you don't have another identical card to swap it with. Now is the time to find one on eBay and get it tested so you'll have it when you need it.
posted by pocams at 10:57 AM on August 21, 2008
Stuff more memory into the server. Scrape together another box that you set up to boot off a CF card + CF/IDE adapter to run your firewall, remote access & DHCP. I'd looked into Zeroshell for such use in the past. That way they still have basic network services if the server goes down. Also, if you mis-configure your firewall by mistake, you won't be exposing the raw underbelly of your fileserver directly to the internet.
posted by Good Brain at 11:01 AM on August 21, 2008
As GoodBrain says, you'll want another server for your firewall with 2 NICs. For a firewall, ideally you run as little extraneous software on it as possible, but in practice a lot of people run remote access, DNS, DHCP on it as well due to limited budget for hardware.
I've heard of Zeroshell but I've found Untangle to be dead easy to install and configure.
posted by rocketpup at 11:27 AM on August 21, 2008
"So I'm thinking to install FreeNAS and add m0n0wall"
I'm not sure that makes sense -- FreeNAS and m0n0 are both based on FBSD, yes, but they're two separate appliance install images. How do you plan to run them at the same time? If you know FBSD I guess you'll be able to work something out, but you give a pretty strong impression of being green here, so you'd better think about how you intend to run what are basically two operating system images at one time on one machine.
I'd seriously consider scraping up another ancient but serviceable piece of hardware to run your firewall/router on instead, or buying an old Linksys router (fifty bucks, tops!) and flashing it with a decent system image that has the security and VPN features you want. Doing so will keep you from sticking the machine with everything on it out on the Internet, which isn't a grand plan security-wise.
"I'll use the SCSI discs in a RAID 1+0"
Why? Do you need two-disk failure tolerance, or could you get by with RAID-5 and a spare drive sitting on a shelf?
"use the gigabit card as the WAN interface and the slower card as the LAN interface."
That's backwards, unless you have a gigabit connection to the Internet. If you do, maybe consider scaling down your ISP bill by a couple hundred thousand a month and using the proceeds to buy a fancier server and hire some system administration expertise.
"256MB of PC100 ECC RAM"
Buy more. A lot more. As much as you can afford. Get everyone to sell plasma and use the proceeds to buy memory if you have to. Beg on Craigslist if you must.
"I'll install the OS on the 8.5 GB IDE drive"
Really? The system image that supports the entire IT infrastructure is going to have its sole copy residing on an ancient IDE hard drive that's probably close to or past its service life? I'd rethink the risk proposition of that idea, because that component is going to be the next thing to fail on this wheezing archaeological artifact of a server.
posted by majick at 11:37 AM on August 21, 2008
I would not use those drives in production. Especially that 8.5g drive. Seriously, how many bad clusters does it have by now? That whole setup is garbage. Expect severe hardware failures. Get good backups. You can get a cheapo machine from Dell for 500 dollars with 2 drives. Mirror them and do a smart backup. With 256 megs of ram you're only going to thrash the swap partition.
posted by damn dirty ape at 12:10 PM on August 21, 2008
Also, 5 people may not need a server at all. You could put the data on a NAS and use a dedicated firewall device (Linksys running dd-wrt).
posted by damn dirty ape at 12:23 PM on August 21, 2008
I believe eBox integrates everything you're looking for. AFAIK it's the closest thing Ubuntu Server has to an official GUI.
posted by PueExMachina at 4:29 PM on August 21, 2008
I can't help you with much besides that.
posted by JauntyFedora at 10:35 AM on August 21, 2008