Plop Linux - Server Version
Table of Contents
You can use Plop Linux as Server. A few server programs are installed by default. Additional server programs for a LAMP system can be installed easily.
Default server software: Bind, DHCP, ushare, Samba, FTP, SSH, TFTP, NFS, CUPS, ClamAV
Additional server software: Fetchmail, Dovecot, Postfix, Amavis, MySQL, Apache, PHP, SpamAssassin
To have a server without Xorg, Xfce and all GUI programs just remove the whole /opt directory. Some software like the graphic libraries (jpeg, png, gif, tiff) are installed in /opt. Just reinstall them to /usr. The compile scripts are already included in the archive.
You find the additional server program source codes in the 50-server/ directory.
01-stuff/ 02-image-libs-USR/ 20-mail/ 30-mysql/ 40-http/ 45-php/ 50-gpg/ 70-clamspam/
Every directory has compile scripts to easily compile and install the programs. For detail information about compile scripts read the Build Tools Sources and Compile Scripts section.
As you compile the programs from the source code, all configurations can be done as described in the documentation of each program. You should find the documentation of the programs on their websites. The programs are compiled with the configuration directory in /etc and program/data directory in /usr and /var.
You have to use iptables to setup your firewall.
Create a script with your firewall rules in /var/firewall/ with the name firewall.sh
Set the file permissions with chmod 700 /var/firewall/firewall.sh
Start the script during boot with /etc/rc.local. Add the line /var/firewall/firewall.sh above the line with ifconfig or dhclient in the file /etc/rc.local
Read the documentation of iptables to setup the firewall rules that you need. The following scripts are only examples. You are responsible for your firewall!
A simple firewall script example
#!/bin/sh IPTABLES=/usr/sbin/iptables # Deny access from outside. $IPTABLES -P INPUT DROP $IPTABLES -P FORWARD DROP # Permit anything going out. $IPTABLES -P OUTPUT ACCEPT # Flush (-F) all specific rules. $IPTABLES -F INPUT $IPTABLES -F FORWARD $IPTABLES -F OUTPUT # Allow connection to port 22 (SSH) from internet $IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
#!/bin/sh IPTABLES=/usr/sbin/iptables LANETH=eth1 WANETH=eth0 # Permit anything going out and drop input $IPTABLES -P INPUT DROP $IPTABLES -P FORWARD DROP $IPTABLES -P OUTPUT ACCEPT # Flush (-F) all specific rules $IPTABLES -F INPUT $IPTABLES -F FORWARD $IPTABLES -F OUTPUT $IPTABLES -F -t nat $IPTABLES -A INPUT -i $WANETH -p udp -j ACCEPT $IPTABLES -A INPUT -i $WANETH -p icmp -j ACCEPT # Forward all packets from $LANETH (internal network) to $WANETH (the internet). $IPTABLES -A FORWARD -i $LANETH -o $WANETH -j ACCEPT # Forward packets that are part of existing and related connections from $WANETH to $LANETH. $IPTABLES -A FORWARD -i $WANETH -o $LANETH -m state --state ESTABLISHED,RELATED -j ACCEPT # Permit packets in to firewall itself that are part of existing and related connections. $IPTABLES -A INPUT -i $WANETH -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow connection to port 22 (SSH) from internet $IPTABLES -A INPUT -p tcp -i $WANETH --dport 22 -j ACCEPT # Allow all inputs to firewall from the internal network and local interfaces $IPTABLES -A INPUT -i $LANETH -s 0/0 -d 0/0 -j ACCEPT $IPTABLES -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT # Accept inputs from port 9000 and above $IPTABLES -A INPUT -p tcp -i $WANETH --dport 9000: -j ACCEPT # Enable SNAT functionality on $WANETH $IPTABLES -A POSTROUTING -t nat -o $WANETH -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward
PXE Network Boot Server
To create a server for PXE network booting follow the instructions in the PXE Boot from network (DHCP, TFTP, NFS, Samba, FTP, HTTP) - Linux server article.
© 2016 by Elmar Hanlhofer