building a NAS (network attatched storage) server

[drag]

clarkconnect will have a ssl-encrypted web-based configuration.

Normally for Linux you'd use ssh and to a lesser extent X over ssh to remotely administrate a computer.. With Windows only ssh will work well, you'd use putty.exe for that. There are X servers with cygwin and whatnot, but it's a kinda of a pain..

With VNC you'd make it secure by doing port forwarding over ssh. Pretty much a VPN.

 

[MonsterMac]

yeah, i've been liking clarkconnect so far but I'm a little disappointed with the FTP program it has (which is one of the staples of the system I would build) but samba is pretty neat, i just don't like the idea of me somehow being an idiot and misconfiguring something which leads to me losing my data 😱.

 

[dclive]

Originally posted by: MonsterMac
I'd like to build a server that I can map to my own computer as a network attatched storage hard drive. I'm thinking of raiding maybe 4 - 6 320gb WD SATA150 hard drives, but here are my questions. Which raid should I do? I'd like the most cost effective one, but also if one drive fails i'd like the ability to replace it. my next question, is what OS should I use. I am a complete Linux n00b (i've tried it, but don't feel very comfortable using it) so would you guys recommend going with a windows OS (if so, what one?) or would it be easy enough to get say a samba server up and running without too much if any linux knowledge. any comments/input are appreciated.

Is there a reason you want to do this over the network and not attach the drives to your normal PC?

 

[randomlinh]

Originally posted by: dclive

Originally posted by: MonsterMac
I'd like to build a server that I can map to my own computer as a network attatched storage hard drive. I'm thinking of raiding maybe 4 - 6 320gb WD SATA150 hard drives, but here are my questions. Which raid should I do? I'd like the most cost effective one, but also if one drive fails i'd like the ability to replace it. my next question, is what OS should I use. I am a complete Linux n00b (i've tried it, but don't feel very comfortable using it) so would you guys recommend going with a windows OS (if so, what one?) or would it be easy enough to get say a samba server up and running without too much if any linux knowledge. any comments/input are appreciated.

Is there a reason you want to do this over the network and not attach the drives to your normal PC?

multiple computer accessability maybe?

what about openfiler? I'm about to set up a 4x120GB raid5 array. or maybe JBOD.. but i don't trust dvd as a backup medium.. so i'll stick it on raid and have a small amount truly backed up... all my media files that will go on there will be left to the reliablity of raid 🙁

 

[dclive]

Originally posted by: randomlinh
multiple computer accessability maybe?

That's the obvious benefit, but you can get that with attaching drives to your normal PC, too (just leave it on all the time), so I question the purpose of another, seperate box (for most people) just to host files, using electricity and heating the room (not as if that's an issue at the moment, but...). Unless there are 10-20 people he's sharing with, he shouldn't even notice the file transfer most of the time (are we talking gigs of transfers all the time, 24x7?)

So, I wonder if the OP could share a little of what he intends to do.

 

[thesurge]

Originally posted by: dclive

Originally posted by: randomlinh
multiple computer accessability maybe?

That's the obvious benefit, but you can get that with attaching drives to your normal PC, too (just leave it on all the time), so I question the purpose of another, seperate box (for most people) just to host files, using electricity and heating the room (not as if that's an issue at the moment, but...). Unless there are 10-20 people he's sharing with, he shouldn't even notice the file transfer most of the time (are we talking gigs of transfers all the time, 24x7?)

So, I wonder if the OP could share a little of what he intends to do.

i dont think you necessarily need 10-20 people to want to have a file server. hell you dont even need more than 1. maybe he doesnt want to leave his main computer on because it's a power draw. maybe he has another person he'd like to share files with. maybe other computers in the house he wants to have access to those files w/o having his other computers on.

 

[dclive]

All valid points. Can the OP qualify what he wants?

 

[MonsterMac]

I would like ot have the files on another computer just to take a lot of the hdd's out of my gaming rig. the gaming rig i have now has 4 hdd's w/ 1.2TB of space, and when people transfer files from my computer over the LAN my computer slows down... a lot. also, sometimes it semes like my computer runs a little slower with this many hdd's? is that possible?

 

[Brentx]

Originally posted by: MonsterMac
I would like ot have the files on another computer just to take a lot of the hdd's out of my gaming rig. the gaming rig i have now has 4 hdd's w/ 1.2TB of space, and when people transfer files from my computer over the LAN my computer slows down... a lot. also, sometimes it semes like my computer runs a little slower with this many hdd's? is that possible?

Yes that is possible, if your computer is accessing information on them.

With my Win2k box, I just map the network drive on my other computers. They are set to do that on logon. I wouldn't worry to much about security, I mean this is your own private network. You aren't running a business. I don't think any hacker will care about what mp3's your listening to or what your desktiop images look like. If you have a router with NAT, that should be all the security you need for residential purposes.

Win2k comes with an ftp server through IIS that you could set up. However, if you want to access that computer from a remote location, you have to set up DMZ hosting on your router. DMZ hosting is no good, because that will leave your computer completely exposed to the internet.

I would say just map a network drive. That is the easiest way to do this. Win2k is fairly cheap nowadays too, so it shouldn't be a big burn in your pocket.

And going back to the person who said why would you need a file server for 1 person... they come in handy a lot. You don't have to worry about turning on a computer when you need something, because it is always there. They also come in handy at LAN parties, because you can just throw game patches and no-cd's on the file server for everyone to access. You can even make the file server a dedicated server for whatever game you are playing 😛

 

[Nothinman]

I wouldn't worry to much about security, I mean this is your own private network. You aren't running a business.

Irrelevant, just because someone doesn't have a specific reason to break into your machine doesn't mean you won't get hit by one of the automated worms and become a zombie to be used in the next DDoS attack.

Win2k comes with an ftp server through IIS that you could set up

IIS 5 is probably the worst thing you can setup, IIS 6 is respectable but that requires Win2K3.

 

[MonsterMac]

when i head back to school, i'm going to be on a university network, so i dont want every other kid and their friend being able to map my network drive(s), do you think this would/could be a problem?

 

[drag]

Just don't setup any shares to be used anonymously. Use encrypted passwords and keep your system religiously up to date. Also disable any services you don't want to use. Email and DNS are easy targets for some people.

Don't use FTP if you care about security. It transmits usernames and passwords over plane text, these are easily intercepted and recorded. If you use FTP, use anonymous downloads or use user special accounts that you change the passwords on shortly after using FTP.

Security on a college campus is high concern. It's full of pranksters and colleges are easy targets with fat pipes for a lot of crackers.

I suggest reading up on security practices, problems, patches, configurations, and other items like that. A little extra knowledge can be very helpfull. A decent place to start is http://www.linuxsecurity.com/

Most of it also applies to windows systems or any other systems.

Also if your filesharing box doesn't need to have access to a outside network then you can simply put 2 nic cards on your desktop have one ethernet cord going just to your file server.

 

[MonsterMac]

since my uni does have a fast pipe, i've been using Serv-U to trnasfer files to friends. for security i've made random user names with randomized passwords (cap letters, lowercase, numbers, characters, at least 10 long) and i use SSL encryption. if i went with a windows box i'd probably install serv-u on this as well to transfer files to them. but for my own use, say playing a video from it as a mapped hard drive, would that be insecure?

 

[drag]

It will probably be fine. CIFS/SMB (windows file share) is a alright protocol when it comes to security.

What you have to worry about is usernames and passwords and samba can be setup to use only encrypted forms of these things. FTP is a old protocol and doesn't realy support this.

Also for fun another option is to setup a streaming media server. There is Icecast which is a mp3/ogg streaming server... There are other things like that.

 

[dclive]

Originally posted by: Brentx
[nd going back to the person who said why would you need a file server for 1 person... they come in handy a lot. You don't have to worry about turning on a computer when you need something, because it is always there. They also come in handy at LAN parties, because you can just throw game patches and no-cd's on the file server for everyone to access. You can even make the file server a dedicated server for whatever game you are playing 😛

...all of which can be done by using the current computer as the storage device, however, OP has said he already has 4 drives in there and doesn't like the slowdown when the drives are hit, so absent a massive case with empty space and a better NIC, he'll need another way.

(Still trying to wrap his head around 1.2Tb not being enough, and needing another TB++ for data storage...)

 

[dclive]

Originally posted by: MonsterMac
when i head back to school, i'm going to be on a university network, so i dont want every other kid and their friend being able to map my network drive(s), do you think this would/could be a problem?

Windows' standard security will be fine; you can lock it down quite a bit very easily.

 

[MonsterMac]

if i did end up doing this, I'd put the 4 huge drives I have into the 'server' and buy a small drive (maybe a raptor or something) into my main/gaming rig. what is windows standard security though - is that enabled by default - do you mean windows firewall?

 

[Brentx]

Originally posted by: dclive

Originally posted by: Brentx
[nd going back to the person who said why would you need a file server for 1 person... they come in handy a lot. You don't have to worry about turning on a computer when you need something, because it is always there. They also come in handy at LAN parties, because you can just throw game patches and no-cd's on the file server for everyone to access. You can even make the file server a dedicated server for whatever game you are playing 😛

...all of which can be done by using the current computer as the storage device, however, OP has said he already has 4 drives in there and doesn't like the slowdown when the drives are hit, so absent a massive case with empty space and a better NIC, he'll need another way.

(Still trying to wrap his head around 1.2Tb not being enough, and needing another TB++ for data storage...)

I really don't understand what you are trying to say. That is why he wants a separate PC.. so he doesn't get those slow downs.

IIS 5 is probably the worst thing you can setup, IIS 6 is respectable but that requires Win2K3.

I never said IIS was a good thing. staying away from an FTP server would be best in this situation, as when you have an FTP server, you become a potential target for attackers... since he would have to open up port 21, or DMZ host the PC's IP with his router. This is why I said he shouldn't do FTP.

Irrelevant, just because someone doesn't have a specific reason to break into your machine doesn't mean you won't get hit by one of the automated worms and become a zombie to be used in the next DDoS attack.

If you are a security concious person, you should not have problems with worms or DoS attacks. It seems like a lot of trouble to me to encrypt passwords just so you can map a network drive, unless you are in a corporate scenario. I still use a logon for my network shares, and that should be all the security you need.

 

[MonsterMac]

i run my FTP server on a high port, i.e. 48627, 51243, etc., i would never use port 21.

 

[Brentx]

Originally posted by: MonsterMac
i run my FTP server on a high port, i.e. 48627, 51243, etc., i would never use port 21.

That's good, but still a port scan will find the ftp server. At least that defeats half of the worms out there that specifically target port 21.

 

[Nothinman]

i run my FTP server on a high port, i.e. 48627, 51243, etc., i would never use port 21.

Irrelevant, if they can sniff port 21 they can sniff any port. It's hard to say what they'll be able to sniff without actually inspecting the network you're going to be attached to. And since FTP is all plain-text it doesn't matter how good your username/password combos are if they can sniff the packets.

Moving the service to another port will evade the really stupid scripts and attackers, but that's it, anything smarter and you've gained nothing.

 

[drag]

Exactly.

Worms are EASY to avoid. They are stupid, mostly irrelevent, automated/simple proccesses. You get a worm from being stupid. It happens to stupid and/or lazy admins in Linux and in Windows.

What you have to worry about are human attackers. This is were security should focus on and takes most of the effort. Worms are trivial in comparision.

 

[MonsterMac]

lets just hope they're not as interested in my stuff than the guy next to me 😉. serv-u tells me if someone tries to log on as someone else, and they wouldn't be able to log on unless they met a certain ip address as well.

 

[dclive]

Get a router, put yourself behind it, and you'll stop these scans and not have to worry nearly as much. If you were directly on the public internet (or the college internet) I can see being concerned. Once you're behind that router, there's far less to worry about.

 

[tw1164]

I was plan starting to plan for a Raid NAS solution for my HTPCs, but after looking at the article below I don't think I'm going with a RAID solution. I think a JBOD will be better for me.

You may want to look at this thread, its about the same subject.

http://forums.snapstream.com/vb/showthread.php?t=28650