The Presence of the Running Machine on the Internet

Everything has a start, and has an end.

Deploying a server over the Internet is different from setting up a local server without being revealed to outside people. For a server to be unknown on the Internet by fully-qualified hostname, it requires some registration processes. Furthermore, since the server is known to the public, some security measures should have been taken to avoid the abuse of the server.

This package includes basic elements for network operation, for example, DNS, FTP, firewall, backup storage server, VPN (Virtual Private Network) and Email .

We start from the introduction on Domain name registration with the following diagram:

1. Purchase domain name from the “vendor for domain name registration”

The “Domain Name Registration Vendor” usually will provide a Web interface for you to query your desired domain name. You may find some of the domain names you like have been acquired by other people. It is necessary for you need to find a domain name that is not being occupied. And then make the purchase of the domain name from the “Domain Name Registration Vendor” to complete this step.

2. Purchase Internet bandwidth and obtain “static” IP addresses from your local ISP (internet service provider).

Usually, the ISP will give you a set of IP addresses that may include a list of public IP addresses, the netmask, and the default Gateway. This IP information will be used when you install the software and configure your server. You shall keep the information in a safe place once you obtain that from your ISP.

3. Find a legitimate “DNS host provider”

It is to host your domain name (which you get from step 2) and the associated static IP address (which you get from step 3) record so that everybody on Internet can use your domain name to reach your server. Usually, the “DNS host provider” will provide a Web interface to allow you to input your domain name and the mapped IP address record into their hosted server. This step is completed after you have entered the data into the web page.

4. Update the record at the “Domain Name Registration Vendor” server with the IP addresses of the “DNS host provider”.

At this step, you need to access the website provided by “Domain Name Registration Vendor”. If you do not know the DNS server’s IP addresses of your “DNS host provider”, you can do as follows at your Windows command prompt (the command prompt is reached through Start > Run > cmd), issue the command

　　C:\>nslookup DNS-server- name-from-your-provider

The system will respond with the IP address of your “DNS host provider”. Usually, you need to find two IP addresses of the two DNS servers provided by “DNS host provider” (one is called primary DNS host server, the other is secondary DNS host server). The two IP addresses will be entered into the record in the place of “Domain Name Registration Vendor”. We suggest using primary DNS server and secondary server from different places. The Azblink server package also provides DNS server. But to allow people all over the world can query your domain, you should have your domain name placed in different DNS servers to alleviate the load.

5. Wait until it is in effect.

In general, it needs 24 hours to 72 hours to have your domain name record of the server populated across the world so that people can use domain name to access your server.
Those are the general steps as long as you want to have your own private server(s) on Internet.

Basic Web Setting

After the system installation be finished, take the CD out, reboot the machine, and then start the basic network setting for the system.

There are two modes to configure the host, one is console mode on the local host, and the other is Web interface mode on Client. You can choose the one you like or just by the network environment of that time.

Console Mode --- configure on local host

A. Input account and password to login into console configuration interface.

　login：reset
　Password：root123

B. You will see 7 options after login in

　1. IP Address：192.168.19.185
　2. Netmask：255.255.255.0
　3. Default Gateway：192.168.19.1
　4. Save and Reboot
　5. Reset to CD setting (DHCP) and Reboot
　6. View Current Active Values
　7. Exit without Saveing Changes

C. Is there any fixed ip ready for configuration?

　 Yes, type fixed IP address, Netmask and Default Gateway into option 1.2.3. severally. You can use up
　　and down arrow to choose the option who needs edit, and then press enter to configure. After option 1.2.3
　　be correctly configured, you can use option 4 to save these changes and reboot the machine. (If you have
　　no idea about the Netmask and Default Gateway, you can just refer to the Completion List provided by your
　　ISP.)

　 No, if there is a DHCP server providing the IP assignment services in your network, you can just use option6
　　to check the IP address assigned by the system. After checking eth0, please write down the IP address, and
　　remember to use option 7 to quit the Console interface.

D. By the IP address you set or the one obtained from DHCP, you can view the configuration page of the
　　 system host via Web browser on remote Client.

※ DHCP server exists in your network, but if you find eth0 shown as IP 1.2.3.4 when you check current system value, please check if your network cables plug into wrong place (eh0 and eth1 may been exchanged), or if there are some problems on other equipments. (Refer to Q&A in the manual)


Web interface Mode --- configure at sub-network

A. Is the host, which you installed system on, connected by other hosts?

　 Yes, please confirm the host is the only DHCP sever (that is to say the network should not have other
　　DHCP servers, e.g. IP distributor), and then start from C.

　 No, please complete basic network configuration according to B’s instruction.

B. A network cable makes host’s eth1 port and the Hub connected. And use another cable to connect to
　　Hub, let the other end of this cable link to a common Client computer.

C. Choose one Client computer from the sub-network which connected to the system host.

D. Open command prompt on the Client (suppose it’s a Windows machine), type “ipconfig” and then press
　“Enter” button, check whether the Default Gateway is 172.16.9.1 or not?

　 Yes, just close the command prompt, enter into next step.

　 No, type “ipconfig/release” to release the old IP in your computer, and then type “ipconfig/renew” to get
　　new assigned IP.
　　(If you are still unable to obtain new IP, please check if the network has other DHCP sever or not, or maybe
　　TCP/IP of this Client does not use the mode of “Obtain an IP Address Automatically”.)

E. Open your Browser, and type http://172.16.9.1 at the address bar to link. When you visit the page at the
　　first time, you will see 4 items;

　　Host Name：Please set Host Name for this host.
　　Admin Password：Default password is admin123.
　　New Admin Password：Please set new password.
　　Confirm Password：Please confirm your new password.

F. After you enter into system page, go to System>>Network, choose Internet or PPPoE depending on the
　situation.

　 Choose Internet. At the Internet Interface, mostly, you should set the values for IP address / Netmask /
　　Default Gateway and then submit, restart your machine and you will find it already connected to Internet.

　 Choose PPPoE. If you use PPPoE, remember to check the checkbox of “Turn on PPPoE”. Fill in the account
　　and password provided by ISP and submit, reboot your computer, then you can connect to the network.
　　(Please refer to the sections of Configuration and Q&A in Quick Installation Guide if you have any questions.)

As Relay Client

Using a mail relay provided elsewhere might need some verification processes – it depends on how the mail relay is deployed. Some mail relays just lock the IP addresses; some might use some accounts with passwords for the other hosts to send out emails via this relay.



We use the diagram above to explain “mail relay”.  When a host S wants to send emails to other mail servers B or C, for some reasons, S can not send out emails directly to B or C ( e.g., it does not have registry entry in public DNS server ); it has to place its emails to Mail Server A and let A send out those emails to B and C on behalf of it.  However, Mail Server A might not let every other host send out emails via it without any verification processes. The function of this screen is to help configure the server when you want to use other hosts as mail relay.



If this machine has to act as “relay client” by using other machine as mail relay, you need to fill in some data about the mail relay you are going to use. You can use the IP address or the fully-qualified name for that host so that your machine will know which server will be used as relay. If that machine allows you to send out emails without any login or password information, you should not check the box for SMTP SASL authentication.

Usually, as a fully-qualified mail server, you should not use other machine as mail relay to send out emails.  The function here is intended for the use of other modules to send out notification emails when mail server is not deployed on this machine.

Relay Control

You can specify address like

192.168.1.3 　172.16.3.0/24

in the box to allow the connection from 192.168.1.3 or 172.16.3.0/24 to send out emails without SMTP authentication.



To deploy mail server, we only recommend the following two scenarios: mail server+firewall on the same machine, and mail server behind firewall. It is not a good idea to place a mail server on the Internet without any firewall protection unless you carefully disable other network applications on that machine – but it would have some disadvantages if you have to have those network applications from your office but you do not want the outside to employ some security holes. It is a little difficult to handle this situation. Thus, we have the following two examples for your reference to deploy a mail server.

Example:  Mail server and firewall on the same machine

As diagram indicated above, we have mail server and firewall together on the same machine. The firewall is to protect local network. For more details about firewall, please just refer to the corresponding section. We put this example here to bring your attention about how to deploy your mail server safely.  We will elaborate “port forwarding” and other firewall features in other section. Here, we just briefly show that Email server shall be deployed with firewall together for higher security.

At first, a mail server should not with dynamic IP address on eth0. Thus, you should obtain a static IP address from your Internet service provider. Once you get a static IP address from your ISP (Internet service provider ), the ISP will provide you a list with the following information:

IP Address
Netmask
Default gateway
DNS server

Once you have the information above, you can use System->Network->Internet to put correct setting there. In that screen, hostname and domain are also there for to input. You can just put the hostname by using simple alphanumerical symbols (a-z, 0-9) and domain name. However, this is not enough. You also need to finish the mail setting by going to Email->Basic->Domain/Hostand set

Domain name:  yourdomain.com
Hostname: mail.yourdomain.com

Please notice that you have to use fully-qualified hostname that can be queried from any public DNS servers. Some mail filtering programs on other mail servers would treat your emails as “junk mails” or directly drop them if the emails are not sent out from a server without the registration record in public DNS servers.

If it does not exist, you need to use Border Control->Advanced->Add rule to add this into the firewall rule. For more details, you should refer to the section for firewall for full understand how the firewall operates. And at the end of this manual, it also specifies some notes about mail server deployment.

If you want to use some email client programs ( like Outlook or Outlook Express ) on host A, B, or C,  the setting on those hosts are

SMTP host: 192.168.1.1  ( the IP address of LAN interface on firewall )
POP3: 192.168.1.1

Example:  Mail server inside firewall

We just ignore those domain name registration steps and assume those things are done in advance. You should have those things settled at first. Here, we directly introduce the setting the machine itself.

For the Mail server with 192.168.1.3, the setting on that host is as follows:

When people outside the firewall, the IP address they obtain for querying “mail.yourdomain.com” shall be the IP address of eth0 of the firewall. But the SMTP traffic is being forwarded into this internal server; the “Hostname” here in email setting needs to use the fully-qualified name ( it depends on how you register the associated records in DNS ).

Thus, it is not necessary to have another firewall running on the machine where mail server resides. If you have another firewall running on this mail server, turn it off or open the SMTP port.

1. System->Network->Internet

Put the static IP address along with the setting from your ISP in the following fields:

IP Address
Netmask
Default gateway
DNS server
DNS server2

2. Border Control->Basic->Port Forwarding
Border Control Forwarding Port number: 25
Protocol: TCP
Forwarding Target IP address: 192.168.1.3

If Web mail is used, you also need to forward TCP port 8081 and do “LAN-Net loopback” ( the details will be explained in firewall section or it can be found at the end of this document “deployment issues” ).



Web mail can be accessed via http://yourdomain.com/webmail/ or http://yourdomain.com:8081/webmail/ for users outside the firewall even with “LAN-Net loopback”. After that, the login will use http://yourdomain.com:8081/ for the rest of operation menus. But for users inside the firewall, it needs “LAN-Net” loopback to access web mail via URL like this.

Source Network in LAN: 192.168.1.0/24
IP of Original Destination outside: 1.2.3.4
Protocol: TCP
Port Number: 80
New Destination IP in LAN: 192.168.1.3
( for TCP port 80 loopback )

Source Network in LAN: 192.168.1.0/24
IP of Original Destination outside: 1.2.3.4
Protocol: TCP
Port Number: 8081
New Destination IP in LAN: 192.168.1.3

( for TCP port 8081 loopback )



3. In the hosts on local network, if mail client programs like Outlook or Outlook express is used, you should use

SMTP server: 192.168.1.3
POP3: 192.168.1.3