New operations server at home


So, I was getting irritated that things were not working as expected with all of my equipment, and decided that I should spool up an 'operations' server of sorts on my network.  The goals were the following:

  1. Provide DNS resolution for local addresses in my glaske.net subdomain at home.
  2. Provide a mail relay for my older equipment that won't send email out; since gmail is *secure*, I can't just send mail to it.
  3. Provide DHCP services on my network to push out the correct domain name, DNS servers, and static reservations.

So, I spooled up a new Ubuntu 10.04 server on my VMware cluster.  Configured BIND9 to forward and cache requests, spooled up a reverse DNS zone for my home networks, and forward zones for my glaske.net and legacy domains.  Works well, done in 15 minutes.
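The forward/reverse zone pair described above, as an added example that is not the author's zone data: it builds a forward zone for a home subdomain, derives the matching in-addr.arpa zone for the 10.0.0.0/24 network, and writes the named.conf fragments that load them, with recursion limited to the LAN so the caching forwarder is not an open resolver. The host names, addresses, the upstream forwarder and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not the author's zone data): build a forward zone for a home
# subdomain, the matching reverse zone for the 10.0.0.0/24 network, and the
# named.conf fragments that load them.  Host names, addresses, the forwarder
# and the output directory are assumptions.
set -eu

ZONE="home.glaske.net"      # assumed forward zone under glaske.net
NET="10.0.0"                # first three octets of the /24
NS="ops.$ZONE"              # assumed name of this BIND server
FWD="192.0.2.53"            # placeholder upstream resolver (the ISP's goes here)
OUT="${OUT:-./zones}"       # assumed output dir; the real one is /etc/bind

# Constructed host table: short name and last octet, one host per line.
HOSTS='ops 2
nas 10
printer 20'

# Reverse zone apex for a /24: the first three octets reversed + in-addr.arpa
reverse_zone() {
  echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa", $3, $2, $1 }'
}

# YYYYMMDDnn serial, so any secondary notices a change
serial() { date +%Y%m%d01; }

# SOA + NS records shared by both zones; @ is the zone apex
zone_header() {
  cat <<EOF
\$TTL 3600
@   IN SOA $NS. hostmaster.$ZONE. ( $(serial) 3600 900 604800 300 )
    IN NS  $NS.
EOF
}

write_zones() {
  rz=$(reverse_zone "$NET")
  mkdir -p "$OUT"
  # Forward zone: one A record per host
  { zone_header
    echo "$HOSTS" | while read -r name octet; do
      printf '%-8s IN A   %s.%s\n' "$name" "$NET" "$octet"
    done
  } > "$OUT/db.$ZONE"
  # Reverse zone: the last octet owns a PTR back to the FQDN
  { zone_header
    echo "$HOSTS" | while read -r name octet; do
      printf '%-4s IN PTR %s.%s.\n' "$octet" "$name" "$ZONE"
    done
  } > "$OUT/db.$rz"
  # Load both zones; no zone transfers, since nothing else needs a copy.
  cat > "$OUT/named.conf.local" <<EOF
zone "$ZONE" { type master; file "/etc/bind/db.$ZONE"; allow-transfer { none; }; };
zone "$rz" { type master; file "/etc/bind/db.$rz"; allow-transfer { none; }; };
EOF
  # Forward-and-cache for the LAN only: recursion open to the world would make
  # this an open resolver usable for amplification.
  cat > "$OUT/named.conf.options" <<EOF
acl lan { $NET.0/24; 127.0.0.1; };
options {
  directory "/var/cache/bind";
  forwarders { $FWD; };
  allow-query { lan; };
  allow-recursion { lan; };
};
EOF
}

write_zones
```

After dropping the generated files into /etc/bind, `named-checkzone home.glaske.net /etc/bind/db.home.glaske.net` (and the same for the reverse zone) will catch a bad SOA or a missing trailing dot before BIND refuses to load the zone.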

Next, set up DHCP services and take them away from Comcast.  Using dhcp3-server, configured my scopes, options, etc.  Done in 15 minutes more, and working; now to disable DHCP on my Comcast router...  well... yeah... not so much.

Apparently Comcast installs their own firmware (Xfinity) on the new routers.  This is apparently locked down and stupid: DHCP cannot be disabled.  My only solution was to set up a one-IP range, set the lease to Forever, and make sure something that was going to stay got it.  Seems to work.  Another idea I have had: set it to the gateway address (maybe it's dumb enough).  Okay, check #2, DHCP is done and working.
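The dhcp3-server side of the above, as an added example rather than the author's own config: it generates a dhcpd.conf that pushes the home domain name and the local BIND server as resolver, keeps a small dynamic pool, and carries static reservations, refusing any reservation that falls inside the pool so a fixed address can never collide with a lease already handed out. The domain, addresses, MACs and output path are assumptions; it does nothing about the Comcast router's DHCP, which the text above deals with separately.

```shell
#!/bin/sh
# Added example (not the author's config): generate a dhcp3-server (ISC dhcpd)
# dhcpd.conf that pushes the home domain and the local BIND server as resolver,
# keeps a small dynamic pool, and carries static reservations.  Addresses,
# MACs and the output path are assumptions.
set -eu

DOMAIN="home.glaske.net"     # assumed domain pushed to clients
NET="10.0.0"                 # the /24 this server hands out
DNS="10.0.0.2"               # assumed address of the BIND server
GW="10.0.0.1"                # assumed Comcast router
POOL_LO="10.0.0.100"         # dynamic pool, kept clear of reservations
POOL_HI="10.0.0.199"
OUT="${OUT:-./dhcpd.conf}"   # real path on 10.04: /etc/dhcp3/dhcpd.conf

# Constructed reservation table: name, MAC, fixed address.
RESERVATIONS='nas     00:11:22:33:44:10 10.0.0.10
printer 00:11:22:33:44:20 10.0.0.20'

# dotted quad -> integer so addresses can be compared as numbers
ip2int() {
  echo "$1" | awk -F. '{ print ($1 * 16777216) + ($2 * 65536) + ($3 * 256) + $4 }'
}

# true when $1 is within [$2, $3]
in_range() {
  [ "$(ip2int "$1")" -ge "$(ip2int "$2")" ] && [ "$(ip2int "$1")" -le "$(ip2int "$3")" ]
}

# A fixed address inside the dynamic pool can collide with a lease already
# handed out from that pool, so refuse it before it reaches the config.
check_reservation() {
  if in_range "$1" "$POOL_LO" "$POOL_HI"; then
    echo "reservation $1 lies inside pool $POOL_LO-$POOL_HI" >&2
    return 1
  fi
}

write_conf() {
  echo "$RESERVATIONS" | while read -r _ _ ip; do
    check_reservation "$ip" || exit 1
  done
  {
    cat <<EOF
# authoritative: answer DHCPNAK to clients that request an address this server
# does not consider valid, instead of staying silent and letting them keep it
authoritative;
default-lease-time 86400;
max-lease-time 604800;
option domain-name "$DOMAIN";
option domain-name-servers $DNS;
option routers $GW;

subnet $NET.0 netmask 255.255.255.0 {
  range $POOL_LO $POOL_HI;
}

EOF
    echo "$RESERVATIONS" | while read -r name mac ip; do
      printf 'host %s { hardware ethernet %s; fixed-address %s; }\n' "$name" "$mac" "$ip"
    done
  } > "$OUT"
}

write_conf
```

While the Comcast router's DHCP is still alive, both servers answer every DHCPDISCOVER and a client takes whichever OFFER arrives first, which is why the one-address range on the router is what actually keeps clients on this config.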

NOTE: If you have a newer Comcast router (Xfinity), you may want to log on and disable some of the security features.  During my 'playing', it had inadvertently marked some of my workstations as restricted and was not allowing them out to the internet.  The settings are under 'Parental Controls', not 'Firewall'.

In the midst of this, I cleaned up all the other services that I didn't need running and made sure they wouldn't run on startup with 'update-rc.d *service* disable'; disabled fancontrol 'cause it's a VM, and disabled 'ondemand' CPU throttling since it's not available in a VM.

Next, set up postfix to relay email out for my internal network.  Created /etc/postfix/main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#myhostname = $myhostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
# Only mail addressed to this host is delivered locally; everything else is relayed out
mydestination = $myhostname, localhost
# Empty: deliver straight to the recipient domain's MX instead of via a smarthost
relayhost =
# Clients in these networks may relay through this box; with the default
# smtpd_recipient_restrictions anyone else gets "554 Relay access denied"
mynetworks = 10.0.0.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
# Listen on every interface, not just loopback, so the LAN can reach port 25
inet_interfaces = all

Ran 'newaliases' to generate /etc/aliases.db, then /etc/init.d/postfix start and update-rc.d postfix enable.  Tested connectivity, works; set up my network scanner, works like a charm.  15 minutes more.
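The connectivity test above, extended into the check a practitioner would want before leaving a relay running: the added example below (not from the original post) sends one SMTP envelope and reduces the transcript to the server's answer to RCPT TO, so the same probe run from a LAN host should report "relayed" and run from anywhere outside mynetworks should report "rejected 554". The relay address is an assumption; the live probe needs nc(1) and a reachable server, so it is defined but not run here, and the two transcripts are constructed samples of the replies postfix gives in each case.

```shell
#!/bin/sh
# Added example (not from the original post): check that postfix relays for
# the LAN and refuses everyone else.  The relay address is an assumption; the
# probe needs nc(1) and a live server, so it is defined but not run here, and
# the transcripts below are constructed samples of what postfix answers.
set -eu

RELAY="${RELAY:-10.0.0.2}"   # assumed address of the postfix box

# One SMTP envelope, transcript on stdout.  Run it from a LAN host (expect
# "relayed") and from outside 10.0.0.0/24 (expect "rejected 554"); a "relayed"
# from outside means the box is an open relay.
probe_relay() {   # $1 = sender, $2 = recipient
  printf 'EHLO probe.example\r\nMAIL FROM:<%s>\r\nRCPT TO:<%s>\r\nQUIT\r\n' "$1" "$2" |
    nc -w 5 "$RELAY" 25
}

# Reduce a transcript to the server's answer to RCPT TO: replies arrive as
# greeting, EHLO (multi-line "250-" then "250 "), MAIL FROM, RCPT TO, so the
# fourth single-line status is the one that matters.  250 = accepted,
# 554 5.7.1 = postfix's "Relay access denied".
relay_verdict() {   # transcript on stdin
  awk '
    /^[0-9][0-9][0-9][ -]/ {
      if (substr($0, 4, 1) == "-") next        # continuation of a multi-line reply
      if (++n == 4) {
        code = substr($0, 1, 3)
        verdict = (code == "250") ? "relayed" : "rejected " code
        print verdict
        done = 1
        exit
      }
    }
    END { if (!done) printf "incomplete (%d replies)\n", n }'
}

# Constructed transcripts (CRLF, as postfix sends them) for the two cases.
LAN_OK=$(printf '220 ops.home.glaske.net ESMTP Postfix (Ubuntu)\r\n250-ops.home.glaske.net\r\n250-PIPELINING\r\n250 8BITMIME\r\n250 2.1.0 Ok\r\n250 2.1.5 Ok\r\n221 2.0.0 Bye\r\n')
OUTSIDE=$(printf '220 ops.home.glaske.net ESMTP Postfix (Ubuntu)\r\n250-ops.home.glaske.net\r\n250 8BITMIME\r\n250 2.1.0 Ok\r\n554 5.7.1 <someone@example.org>: Relay access denied\r\n221 2.0.0 Bye\r\n')

# Exercise the parser on the samples; returns non-zero if either verdict is wrong.
self_check() {
  [ "$(printf '%s\n' "$LAN_OK" | relay_verdict)" = "relayed" ] &&
  [ "$(printf '%s\n' "$OUTSIDE" | relay_verdict)" = "rejected 554" ] &&
  [ "$(printf '220 ops ESMTP\r\n' | relay_verdict)" = "incomplete (1 replies)" ]
}

self_check
# Live use from a LAN host, then again from outside the LAN:
#   probe_relay scanner@home.glaske.net someone@example.org | relay_verdict
```

Because relayhost is empty, anything the box does accept goes straight to the recipient's MX from a residential address, so the second probe (from outside mynetworks) is the one that tells you whether the relay can be abused by anyone who can reach port 25.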

On to CUPS and AirPrint next...

About mglaske

Systems Engineer for Limelight Networks