The Presence of the Running Machine on the Internet

Everything has a start, and has an end.

Deploying a server over the Internet is different from setting up a local server without being revealed to outside people. For a server to be unknown on the Internet by fully-qualified hostname, it requires some registration processes. Furthermore, since the server is known to the public, some security measures should have been taken to avoid the abuse of the server.

This package includes basic elements for network operation, for example, DNS, FTP, firewall, backup storage server, VPN (Virtual Private Network) and Email .

We start from the introduction on Domain name registration with the following diagram:

1. Purchase domain name from the “vendor for domain name registration”

The “Domain Name Registration Vendor” usually will provide a Web interface for you to query your desired domain name. You may find some of the domain names you like have been acquired by other people. It is necessary for you need to find a domain name that is not being occupied. And then make the purchase of the domain name from the “Domain Name Registration Vendor” to complete this step.

2. Purchase Internet bandwidth and obtain “static” IP addresses from your local ISP (internet service provider).

Usually, the ISP will give you a set of IP addresses that may include a list of public IP addresses, the netmask, and the default Gateway. This IP information will be used when you install the software and configure your server. You shall keep the information in a safe place once you obtain that from your ISP.

3. Find a legitimate “DNS host provider”

It is to host your domain name (which you get from step 2) and the associated static IP address (which you get from step 3) record so that everybody on Internet can use your domain name to reach your server. Usually, the “DNS host provider” will provide a Web interface to allow you to input your domain name and the mapped IP address record into their hosted server. This step is completed after you have entered the data into the web page.

4. Update the record at the “Domain Name Registration Vendor” server with the IP addresses of the “DNS host provider”.

At this step, you need to access the website provided by “Domain Name Registration Vendor”. If you do not know the DNS server’s IP addresses of your “DNS host provider”, you can do as follows at your Windows command prompt (the command prompt is reached through Start > Run > cmd), issue the command

　　C:\>nslookup DNS-server- name-from-your-provider

The system will respond with the IP address of your “DNS host provider”. Usually, you need to find two IP addresses of the two DNS servers provided by “DNS host provider” (one is called primary DNS host server, the other is secondary DNS host server). The two IP addresses will be entered into the record in the place of “Domain Name Registration Vendor”. We suggest using primary DNS server and secondary server from different places. The Azblink server package also provides DNS server. But to allow people all over the world can query your domain, you should have your domain name placed in different DNS servers to alleviate the load.

5. Wait until it is in effect.

In general, it needs 24 hours to 72 hours to have your domain name record of the server populated across the world so that people can use domain name to access your server.
Those are the general steps as long as you want to have your own private server(s) on Internet.

Basic Web Setting

After the system installation be finished, take the CD out, reboot the machine, and then start the basic network setting for the system.

There are two modes to configure the host, one is console mode on the local host, and the other is Web interface mode on Client. You can choose the one you like or just by the network environment of that time.

Console Mode --- configure on local host

A. Input account and password to login into console configuration interface.

　login：reset
　Password：root123

B. You will see 7 options after login in

　1. IP Address：192.168.19.185
　2. Netmask：255.255.255.0
　3. Default Gateway：192.168.19.1
　4. Save and Reboot
　5. Reset to CD setting (DHCP) and Reboot
　6. View Current Active Values
　7. Exit without Saveing Changes

C. Is there any fixed ip ready for configuration?

　 Yes, type fixed IP address, Netmask and Default Gateway into option 1.2.3. severally. You can use up
　　and down arrow to choose the option who needs edit, and then press enter to configure. After option 1.2.3
　　be correctly configured, you can use option 4 to save these changes and reboot the machine. (If you have
　　no idea about the Netmask and Default Gateway, you can just refer to the Completion List provided by your
　　ISP.)

　 No, if there is a DHCP server providing the IP assignment services in your network, you can just use option6
　　to check the IP address assigned by the system. After checking eth0, please write down the IP address, and
　　remember to use option 7 to quit the Console interface.

D. By the IP address you set or the one obtained from DHCP, you can view the configuration page of the
　　 system host via Web browser on remote Client.

※ DHCP server exists in your network, but if you find eth0 shown as IP 1.2.3.4 when you check current system value, please check if your network cables plug into wrong place (eh0 and eth1 may been exchanged), or if there are some problems on other equipments. (Refer to Q&A in the manual)


Web interface Mode --- configure at sub-network

A. Is the host, which you installed system on, connected by other hosts?

　 Yes, please confirm the host is the only DHCP sever (that is to say the network should not have other
　　DHCP servers, e.g. IP distributor), and then start from C.

　 No, please complete basic network configuration according to B’s instruction.

B. A network cable makes host’s eth1 port and the Hub connected. And use another cable to connect to
　　Hub, let the other end of this cable link to a common Client computer.

C. Choose one Client computer from the sub-network which connected to the system host.

D. Open command prompt on the Client (suppose it’s a Windows machine), type “ipconfig” and then press
　“Enter” button, check whether the Default Gateway is 172.16.9.1 or not?

　 Yes, just close the command prompt, enter into next step.

　 No, type “ipconfig/release” to release the old IP in your computer, and then type “ipconfig/renew” to get
　　new assigned IP.
　　(If you are still unable to obtain new IP, please check if the network has other DHCP sever or not, or maybe
　　TCP/IP of this Client does not use the mode of “Obtain an IP Address Automatically”.)

E. Open your Browser, and type http://172.16.9.1 at the address bar to link. When you visit the page at the
　　first time, you will see 4 items;

　　Host Name：Please set Host Name for this host.
　　Admin Password：Default password is admin123.
　　New Admin Password：Please set new password.
　　Confirm Password：Please confirm your new password.

F. After you enter into system page, go to System>>Network, choose Internet or PPPoE depending on the
　situation.

　 Choose Internet. At the Internet Interface, mostly, you should set the values for IP address / Netmask /
　　Default Gateway and then submit, restart your machine and you will find it already connected to Internet.

　 Choose PPPoE. If you use PPPoE, remember to check the checkbox of “Turn on PPPoE”. Fill in the account
　　and password provided by ISP and submit, reboot your computer, then you can connect to the network.
　　(Please refer to the sections of Configuration and Q&A in Quick Installation Guide if you have any questions.)

Internet

If the server has more than 1 Ethernet interface, the first Ethernet interface ( known as “eth0” ) will be designated as “Internet interface” that is used to connect to the outside network if the firewall is present. And the second Ethernet interface will be used to connect to the inside network ( known as LAN interface ) that is protected by the firewall.

For the IP address of eth0 in the server, it shall be a fixed IP address for the other people to access this server without ambiguity.  For the convenience of initial setup of the server from Web interface, we still provide the methods for fetching IP address automatically via DHCP client or PPPoE.  The system is preset to launch DHCP client on the Ethernet interface eth0. Once the network is up for you to use the Web browser to access the server, you should disable “Auto setup” and specify the IP address.



There are 3 options for "eth0" to get an IP address:

1. via DHCP client ( one of auto setup options )
2. via PPPoE ( one of auto setup options )
3. Static IP ( manually setting it )

You only can choose one of them. If PPPoE is used, DHCP client and Static IP will not be used; if Static IP is used, the other two will not be used.

When you select “Auto setup”, you also need to specify which method you would like to use to fetch IP address, e.g., DHCP client or PPPoE . Once DHCP or PPPoE is chosen, the system will ignore the rest of items like “IP Address”, “Netmask”, “Default gateway”, and DNS server in this menu.  For DHCP, the parameters for IP address, netmask, default gateway, and DNS server will be obtained from DHCP server residing in the subnet that eth0 is listening to. As for PPPoE, it is necessary to fill in the corresponding data in the “PPPoE” page.

“IP Aliasing” is the feature such that one Ethernet interface can have multiple IP addresses.  Usually, those multiple “aliasing” IP addresses should sit in the same subnet as the major IP address specified previously on eth0. It does not make sense that you specify an IP address that it does not belong to the subnet it resides unless your subnets are not well partitioned.

Here, we also quickly introduce the concept of “subnet” without going into too many details.  For an IPv4 address, you usually see something like 61.2.34.56 or 192.168.1.34; actually, it stands for a 32-bit binary stream. For example,

1.2.3.4   →   00000001 00000010 00000011 00000100
61.2.34.56  →   00111101 00000010 00100010 00110100

Each “0” or “1” in the notation above is known as a “bit”. To know a group of IP addresses belonging to the same subset, you just perform bit-wise AND operation and check if the result is the same. If the result is the same, we say this group of addresses belonging to the same subnet.  To explain what AND operation is, we just specify in the following manner:

0 AND 0  →   0
0 AND 1  →   0
1 AND 0  →   0
1 AND 1  →   1

IP Address 1.2.3.4 with netmask 255.255.255.0

 00000001 00000010 00000011 00000100
AND )  11111111 11111111 11111111 00000000
-->       00000001 00000010 00000011 00000000

( The result of AND operation is 1.2.3.0 . Sometimes, we just denote this subnet as 1.2.3.0/24 because there are 24 “1”s on the netmask. A valid netmask is with consecutive 1’s from the beginning. Thus, you do not have to worry about how to put those 24 1’s in those 32 positions. )



“IP Aliasing” can be combined with “Port Forwarding” feature in Border Control to distribute the traffic into several servers for processing.  The features of Border Control will be introduced later.

PPPoE

LAN/DHCP

The first Ethernet interface eth0 is known as the interface connecting to the outside network. The 2nd Ethernet interface eth1 is used to connect the local network. Sometimes, we just designate it as LAN.

Fig 3.3

Example: Allocating IP addresses from LAN interface

Let’s use the diagram above as an example. If you click System->Network->DHCP/LAN, you set as follows:

IP Address: 172.16.9.1
Netmask: 255.255.255.0
Turn on DHCP Server (on)
Starting IP: 172.16.9.100
Ending IP: 172.16.9.200

Furthermore, it needs to be very careful when you configure the network. Many people made mistakes by using conflicting address for LAN with respect to outside network.  For example, if your outside network is 172.16.9.0/24, your LAN shall be configured by avoiding this class of IP addresses. It is very important to remember this principle to avoid network conflict. This is a common mistake when you are using firewall to separate the network between your office and lab, or deploying a Wireless Access Point into the existing network. This case happens very often when you temporarily put your machine temporarily over an existing network and configure it there and move it to other place.  We will elaborate that later.

If DHCP server is not turned on, then the eth1 interface turns on to be an ordinary Ethernet interface.  Please notice that DHCP client is not running on this interface eth1 so that it does not fetch the IP address from other DHCP server. If you want to turn off DHCP server on this interface, you always need to make sure that you choose the right IP address for eth1.

There is chance that you might deploy this server into private network to separate the traffic ( Please refer to the case “Separate the traffic between office and lab” in the section “Deployment issues” at the end of this document ).  If your machine is with two Ethernet interfaces, during the initial setup, the firewall will be up automatically.

When you set IP address for eth0 and eth1, you have to be carefully without letting them belong to the same network.  For example, if eth0 belongs to 192.168.1.0/24, you should not set eth1 to IP address belonging to that network. Instead, you should set eth1 to something else like 172.16.2.1 so that it will not conflict with IP address using by other machine in 192.168.1.0/24.  

Static Routing

Example: Setting Static Route

In the diagram above, the local network behind the firewall is 192.168.11.0/24. However, there is another network 172.16.9.0/24 behind a gateway G. G is with two Ethernet interfaces: one is with IP 192.168.11.10, the other is with IP belonging to 172.16.9.0/24.  Thus, if we want to have the traffic from 192.168.11.1 to travel to the network 172.16.9.0/24 via G, we need to set as follows:

Destination network: 172.16.9.0
Netmask: 255.255.255.0
Gateway: 192.168.11.10



Please notice that this gateway is not “default gateway”; this is the “gateway” to the 172.16.9.0/24 .  Furthermore, doing the setting as above does not guarantee your network communication between firewall eth1 and anther server behind the gateway ( denoted as A ) will be running smoothly.  It also needs to have the similar setting in A such that it will know the network 192.168.11.0/24 is behind the gateway G correspondingly. As shown in the diagram, host A needs to set its gateway to 192.168.11.0/24 as “172.16.9.1” . So, the traffic from firewall to A can have the correct route for the response packets issued from A.