In part two we will get into virtual private networks, dnsmasq,  and other media servers.

Vpn.
Mediatomb.
Irc.

See also: https://www.instructables.com/id/Your-personal-intranet-Part-1/

You may also like: https://www.instructables.com/id/Statusnet-the-Twitter-clone-setup/

Update: added wireless option.

DNSmasq provides two services, either of which can be used independently.

• DNS service
• DHCP service (including features relating to network boot)

A local DNS cache can speed up internet browsing because the user's browser will not need to access a domain name server when it looks up a domain name the computer has visited before.

DHCP allows the user's computer to allocate network addresses to other computers on the wired or wireless network. A computer needs a unique network address in order to do access the internet.

DNSmasq is not designed for so-called "Internet Connection Sharing," however, it does provide a lot of the services needed in the background. With DNSmasq set up, only two additional commands can set up internet connection sharing (ref?).

Note that the package "dnsmasq" interferes with Network Manager which can use "dnsmasq-base" to provide DHCP services when sharing an internet connection. Therefore, if you use network manager (fine in simple set-ups only), then install dnsmasq-base, but not dnsmasq. If you have a more complicated set-up, uninstall network manager, use dnsmasq, or similar software (bind9, dhcpd, etc), and configure things by hand.

Setup for dnsmasq

Like much of the Ubuntu packages, dnsmasq is in universe. Make sure its enabled, then run these commands

$ sudo apt-get install dnsmasq

dnsmasq can be configured by editing the file

$ nano /etc/dnsmasq.conf

Local DNS Cache

A DNS server resolves human readable domain names into IP addresses. For example, when one requests ubuntu.com, the DNS server finds the IP address for ubuntu.com . One can run a DNS cache on a computer via the steps below. This will shorten the time required to look up domain names when browsing. The difference in time is on the order of hundreds of milliseconds.

After dnsmasq has been installed, use the text editor of choice, such as gedit, nano or vim to edit:

/etc/dnsmasq.conf

Note: in order to save modifications, the editor must be run with administrator permissions, e.g. sudo gedit /etc/dnsmasq.conf . Change the line that looks like (should be around line 90):

#listen-address=

to,

listen-address=127.0.0.1

Now, edit the file

/etc/dhcp3/dhclient.conf

Make sure that around line 20 looks like the following:

#supersede domain-name "fugue.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope;

The prepend domain-name-servers 127.0.0.1; is the important part of the configuration. Adding the prepend option ensures that 127.0.0.1 will appear on the top of the list of DNS servers. 127.0.0.1 refers to the user's own computer. Whenever the user's computer needs to resolve a domain name, it will forward that request to dnsmasq (which is running at 127.0.0.1).

Now, edit the file:

/etc/resolv.conf

The file should look something like this,

search yourisp.com
nameserver 192.168.0.1
nameserver 205.171.3.25
nameserver 205.171.3.26

Don't worry if the above listed nameserver numbers are not the same as what appear in the text editor. But be sure to add the user's computer as a nameserver at the top of the list:

search yourisp.com
nameserver 127.0.0.1
nameserver 192.168.0.1
nameserver 205.171.3.25
nameserver 205.171.3.26

All that is left is to restart dnsmasq so that the changes we made to the configuration file come into effect. We do that via the command:

$ sudo /etc/init.d/dnsmasq restart

Now there is a DNS cache set up on the user's computer. To see the difference in speed, we can make use of the dig command twice on our test website:

$ dig ubuntu.com

The first time this happens, the output will look like:

;; Query time: 117 msec

The second time will look like:

;; Query time: 0 msec

Special Cases

• If you are on a large LAN (e.g. business or university) it might not be desirable to provide name service or DHCP for a thousand colleagues, so add the line:

except-interface=eth0 if eth0 is the user's internet/LAN connected interface.

• Add DHCP server:

dhcp-range=192.168.0.20,192.168.0.254,255.255.255.0 This range must not clash with your LAN IP address.

Save and exit the file, restart the daemon:

sudo invoke-rc.d dnsmasq restart

DNSmasq is now listening on some interfaces for DNS lookups and/or DHCP requests. One can verify this by running:

ss -ltp
# -l = listen, -t = tcp, -p = show program name

The user can add the line: nameserver 127.0.0.1 to the top of your /etc/resolv.conf file to use the local DNS cache first.

Alternatively, the package resolvconf sorts all this out automatically.

Note: If you have the resolvconf package installed, you cannot use the "resolv-file=" option in your /etc/dnsmasq.conf configuration file as this value will be overridden by the init.d script when dnsmasq is started up. You should specify your upstream DNS servers using a dns-nameservers line (and optionally a dns-search line and other dns- options) for each interface in /etc/network/interfaces. The resolvconf scripts will automatically create a special file located at /var/run/dnsmasq/resolv.conf with your upstream servers and put 127.0.0.1 in /etc/resolv.conf to ensure DNS queries on your local machine use dnsmasq. For more information, see the resolvconf(8) man page.

UFW

Unlike the ISC DHCP server which "... in some configurations bypasses the kernel firewall rules entirely" - http://thekelleys.org.uk/dnsmasq/docs/FAQ

- for dnsmasq to work, iptables mustn't block the DHCP port

$ sudo ufw allow bootps

How to Setup a VPN Server Using a DD-WRT Router  (untested)

There are several media servers on the market that work well with TVs and PlayStation 3’s. I prefer MediaTomb, a uPnP-compliant server, because it is simple to install and configure. MediaTomb works flawlessly with my WD TV Live, and allows me to stream video (mostly AVI files), audio (mostly AAC files with .m4a extensions), and photos from my server to my TV.

Install MediaTomb

MediaTomb is simple to install on Ubuntu Server because a Debian package for it is in the repositories. To install MediaTomb, simply install the mediatomb package.

$ sudo apt-get install mediatomb

The MediaTomb daemon will start automatically after installation.

Configure Port Number

By default, MediaTomb will pick the first available port starting with 49152. When restarting the server, it may pick a different port, such as 49153. I prefer to lock MediaTomb down to a certain point, so my bookmarks for the web interface are always correct, and so I can set firewall and networking rules consistently.

To lock MediaTomb to a single port, simply edit the XML configuration file.

$ sudo nano /etc/mediatomb/config.xml

Find the  <name> element in the configuration file. (You can rename its contents if you wish to. Personally, I don’t like the word “tomb” displayed on my TV, so I rename the service “MediaServer”.) Underneath the element, insert a
element, as follows:

<port>49152</port>

Save the configuration file, and restart the service.

$ sudo service mediatomb restart

Now MediaTomb will be locked down to port 49152. You can now set up your firewall to allow traffic on that port.

Add Media Files to MediaTomb’s Library

MediaTomb needs to be told where your media files reside in order to serve them. For simplicity, I prefer to keep all my media files in one folder tree, with high-level subfolders corresponding to media type. My media folder tree is within my home directory; your media may be spread out over your hard drive. MediaTomb doesn’t really care; you simply need to add each folder your media is in to the media library.

• media
  • movies
  • music
  • photos
  • tv

Add Media to MediaTomb

To add my media folder to MediaTomb, I use MediaTomb’s web interface. I point my browser to my server’s IP address, plus the port it is running on, as follows: http://serverip:49152.

MediaTomb’s sparse web user interface will appear. You will want to click on the Filesystem link, then browse the file system tree to find your media folder. Click on the media folder you wish to add, then click the icon that looks like a plus sign with two sync arrows, as in (+). This button calls up a form that allows you to add that folder to the media library, and set up automatic updating.

Set the scan mode to Inotify, the initial scan to Full, and check the Recursive checkbox. Then click Set, and you have added the folder. MediaTomb will scan the folder for media files to serve. Because we selected the Inotify scan mode, MediaTomb will monitor this folder tree for file changes, and update the media library accordingly. This allows you to add and remove media using Samba or the command line.

Repeat this process for each media folder on your server. Note that Inotify will not work with media served from remote file shares; you will need to set scanning to a timed interval.

Note: It is possible to add media via the command line, but it does not work well for the packaged Ubuntu install.

Enabling Web Interface

MediaTomb provides a web interface to help with configuration. To enable:

    <ui enabled="yes" show-tooltips="yes">

With any changes to the configuration file, the MediaTomb service will need to be restarted for them to take effect.

Allowing Accounts

As of version 0.12.1 to be able to 'Login', it appears like having accounts enabled now is mandatory. To do this change:

      <accounts enabled="no" session-timeout="30">

Connect to your Server

You will need to port foward 49152  on your router. After setting up the server and adding media to it, you are essentially done. Your front-end device should automatically discover MediaTomb on the network. XMBC and VLC work well with Mediatomb.

IRC Internet Relay chat. is an online real time chat betweeen users that are connected to the server. used in a lot of gaming.

Installing the server..(since this is on a private network (assuming no wifi) i will not get into al the security details.

$ sudo apt-get install ircd-hybrid
$ su
# nano /etc/ircd-hybrid/ircd.conf

Change as following:

listen {
        /* port: the specific port to listen on.  if no host is specified
         * before, it will listen on all available IPs.
         *
         * ports are seperated via a comma, a range may be specified using ".."
         */

        /* port: listen on all available IPs, ports 6665 to 6669 */
        # host = "127.0.0.1";     # change this!
        port = 6667;
};

Change your message of the day.
# nano .etc/ircd-hybrid/ircd.motd

Restart server for changes to take effect.
# service ircd-hybrid restart

Done.
# exit

You will neet to forward port 6667 the same way we did other ports in part 1.

Install xchat or ircii and see if you can connect from the other network.

One thing you could do if you wanted to add wireless access is to use hotspot software. I would set up a router 4 with Coovap and only allow wan access so that way you would have a front door to everything that is behind other routers. There is also other turnkey hotspot software, but this seems to be the most turnkey. Wireless security is a bit out of date on the stock package. Not enough time here to get into all the details, but just wanted to show some possibilities. Might be the subject of a future instructable.
CoovaAP is based on Openwrt.

More and more people are wanting to separate their private network from the internet but still want to access both for a system or two. No problem. You can set up multihomed nics faily easily and all things being equal, no packets should go between the two.

If you have 2 NIC (network Lan card) each connected to different networks:

=> eth0: 192.168.1.0/24
=> eth1: 192.168.2.0/24

Consider above setup. Now if you want to route traffic to connected network only (eth0 and eth1) w/o setting Linux server as a router. This is generally called multi homing setup. You don't have to setup Linux box as a router to use multi homing :). Just assign as IP address to each NIC and you are done.

How do I configure Linux multi homing?