Plop Linux - Server Version



Table of Contents


• Introduction
• Download
• Compile
• Configuration
• PXE Network Boot Server

Introduction


You can use Plop Linux as a server. A few server programs are installed by default. Additional server programs for a LAMP system can be installed easily.

Default server software: Bind, DHCP, ushare, Samba, FTP, SSH, TFTP, NFS, CUPS, ClamAV

Additional server software: Fetchmail, Dovecot, Postfix, Amavis, MySQL, Apache, PHP, SpamAssassin


Download


Support the free Plop Linux with a donation.


Source Codes   Web directory
ploplinux-src-4.3.2.tar.gz 2.6GB Source code files, compile scripts

Compile


To build a server without Xorg, Xfce and the other GUI programs, remove the whole /opt directory. Some software, such as the graphics libraries (jpeg, png, gif, tiff), is installed in /opt, so reinstall it to /usr. The compile scripts are already included in the archive.

You will find the source code of the additional server programs in the 50-server/ directory.

Contents:

01-stuff/
02-image-libs-USR/
20-mail/
30-mysql/
40-http/
45-php/
50-gpg/
70-clamspam/

Every directory has compile scripts to easily compile and install the programs. For detailed information about the compile scripts, read the Build Tools Sources and Compile Scripts section.


Configuration


Because you compile the programs from source code, all configuration can be done as described in the documentation of each program. You should find the documentation of the programs on their websites. The programs are compiled with the configuration directory in /etc and the program/data directories in /usr and /var.


Firewall


You have to use iptables to set up your firewall.

Create a script with your firewall rules in /var/firewall/ with the name firewall.sh

Set the file permissions with chmod 700 /var/firewall/firewall.sh

Start the script during boot with /etc/rc.local. Add the line /var/firewall/firewall.sh above the line with ifconfig or dhclient in the file /etc/rc.local


/var/firewall/firewall.sh


Read the documentation of iptables to set up the firewall rules that you need. The following scripts are only examples. You are responsible for your firewall!

A simple firewall script example

#!/bin/sh

IPTABLES=/usr/sbin/iptables


# Deny access from outside.
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

# Permit anything going out.
$IPTABLES -P OUTPUT ACCEPT

# Flush (-F) all specific rules.
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT

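# Allow all traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT

# Allow packets that belong to existing and related connections
# (replies to outgoing traffic; without this the DROP policy blocks them)
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow connection to port 22 (SSH) from internet
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22  -j ACCEPT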


A simple firewall script for a machine acting as a gateway

#!/bin/sh

IPTABLES=/usr/sbin/iptables

LANETH=eth1
WANETH=eth0

# Permit anything going out; drop incoming and forwarded packets by default
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# Flush (-F) all specific rules
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -F -t nat


# Accept all UDP and ICMP packets arriving on $WANETH
$IPTABLES -A INPUT -i $WANETH -p udp -j ACCEPT
$IPTABLES -A INPUT -i $WANETH -p icmp -j ACCEPT

# Forward all packets from $LANETH (internal network) to $WANETH (the internet).
$IPTABLES -A FORWARD -i $LANETH -o $WANETH -j ACCEPT

# Forward packets that are part of existing and related connections from $WANETH to $LANETH.
$IPTABLES -A FORWARD -i $WANETH -o $LANETH -m state --state ESTABLISHED,RELATED -j ACCEPT

# Permit packets in to firewall itself that are part of existing and related connections.
$IPTABLES -A INPUT -i $WANETH -m state --state ESTABLISHED,RELATED -j ACCEPT


# Allow connection to port 22 (SSH) from internet
$IPTABLES -A INPUT -p tcp -i $WANETH --dport 22  -j ACCEPT


# Allow all inputs to firewall from the internal network and local interfaces
$IPTABLES -A INPUT -i $LANETH -s 0/0 -d 0/0 -j ACCEPT
$IPTABLES -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT

# Accept TCP connections arriving on $WANETH for ports 9000 and above
$IPTABLES -A INPUT -p tcp -i $WANETH --dport 9000: -j ACCEPT

# Enable SNAT functionality on $WANETH
$IPTABLES -A POSTROUTING -t nat  -o $WANETH -j MASQUERADE

# Enable IPv4 packet forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
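
Because you are responsible for the rules you load, it helps to review which INPUT rules expose the gateway itself on the internet-facing interface. The following check is an added example, not part of the original page or of Plop Linux. The helper names audit_wan_rules and sample_rules and the output format are hypothetical. The check reads a firewall script as text and lists ACCEPT rules on the WAN interface that are limited neither to fixed ports nor to existing connections.

```shell
#!/bin/sh
# Added example: static review of an iptables shell script (reads text only,
# never runs iptables).

# audit_wan_rules FILE [WAN_TOKEN]   (hypothetical helper, not from the page)
# WAN_TOKEN is the interface exactly as written after -i (default: $WANETH).
# Prints "<line>: <reason>: <rule>" for each INPUT ACCEPT rule on that
# interface that is limited neither to fixed ports nor to tracked connections.
audit_wan_rules() {
    awk -v wan="${2:-\$WANETH}" '
    /^[ \t]*#/ { next }    # skip comment lines
    {
        chain = ""; in_if = ""; proto = "any"; target = ""; dport = ""; stateful = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-A")      chain  = $(i + 1)
            if ($i == "-i")      in_if  = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") stateful = 1
        }
        if (chain != "INPUT" || target != "ACCEPT" || in_if != wan || stateful) next
        if (dport == "")
            printf "%d: accepts every %s packet: %s\n", NR, proto, $0
        else if (dport ~ /^[0-9]+:$/ || dport ~ /^:[0-9]+$/)
            printf "%d: open-ended port range %s: %s\n", NR, dport, $0
    }' "$1"
}

# Sample input: the INPUT rules of the gateway script shown above.
sample_rules() {
    cat <<'EOF'
$IPTABLES -A INPUT -i $WANETH -p udp -j ACCEPT
$IPTABLES -A INPUT -i $WANETH -p icmp -j ACCEPT
$IPTABLES -A INPUT -i $WANETH -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $WANETH --dport 22  -j ACCEPT
$IPTABLES -A INPUT -i $LANETH -s 0/0 -d 0/0 -j ACCEPT
$IPTABLES -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $WANETH --dport 9000: -j ACCEPT
EOF
}

# With a file argument review that script, otherwise review the sample.
if [ $# -gt 0 ]; then
    audit_wan_rules "$@"
else
    sample_rules | audit_wan_rules -
fi
```

Each reported rule is one to narrow (for example to the ports of the services you actually run) or to keep deliberately. The SSH rule and the ESTABLISHED,RELATED rule are not reported.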


PXE Network Boot Server


To create a server for PXE network booting follow the instructions in the PXE Boot from network (DHCP, TFTP, NFS, Samba, FTP, HTTP) - Linux server article.

Download a working sample with the full directory structure: netboot-sample.tar.gz, for ISO netboot-sample-iso.tar.gz


© 2016 by Elmar Hanlhofer
This page was last modified on 01/Dec/2016.