Now then for the curious Vol I is here and Vol II is here; given that last time the universal reception seemed to be that there wasn't enough meat I'm going to finish our little project in one diary.
By the time this diary is finished I'll have shown you how to have a headless server that you can access your server both intranet and internet (within your network and from outside your network), (removed due to fear of confusing too many people) how to statically allocate an IP so that the computer can be used for port forwarding and explain what port and port forwarding is.
Reminder, I am assuming windows XP as your operating system. That said, the theory is the same for any OS (operating system) the technical steps just change.
Shall we begin?
edit it was asked below, what's the end result? The end result is a storage server. A place you can set up to have access to files from your house, the internet where ever you want. I use my server as information storage but you could also set up your own wiki, create a security system so you can monitor your house from your vacation and much more. Your options are really only limited to your imagination.
Eh I lied, we can't begin just yet because there is a very important warning here.
A lot of what we eventually will be doing involves exposing port 80 on your networked (to be explained later) to the internet, make sure you're sitting behind at least one firewall and that you have very strong passwords.
Why do I say at least 1? Because modern routers function as a hardware firewall but personally because I believe in overkill to an extent and am a touch paranoid so each of my computers are also sitting behind their own firewall. Now of course the more firewalls you put up the bigger the headache to configure them to allow what you want to pass though them. Thus any more then a physical firewall and a software one and you're probably wasting your time (unless I suppose you really have to hide something in which case I guess you can't be paranoid enough).
Now then what do I mean by strong password? Well 10 years ago I'd have said anything with numbers and letters in excess of 10 digits on a personal computer would work to deter anything but a determined hacker (and well then you're in trouble probably regardless of what you do); now a days I shoot for about 15-20. Again, this is a touch paranoid but I'm trying to keep my information where it belongs and like having your home broken into, the philosophy here is to make it more effort then it's worth.
Also if you are using a router you need to secure it and password it, if for no other reason so that your neighbor will stop downloading bootlegged copies of Taken so that if the PTB come after him they'll think it was you. It's a little hard to cover all the models here, what I recommend is read your instructions manual it should cover assigning a password to the router. The question again is what is secure? Myself I sit behind a router with at least a password of 34 characters long that has both numbers and letters and is designed to take forever to crack with a brute force approach. It's not unbreakable (if fact precious little is 'unhackable') it's just designed to discourage and make hackers look for easier targets
Now what you choose for length is up to you but you probably want to shoot for at least 20 characters for any network password.
One last tip for password creation, you want to use something that's easy to remember but is not related to you. So don't choose your dog's name, your dog's name backwards or your dog's name and your mom's name or anything else related to you personally. If someone really does try to hack you (and they're any good or even worse they know you in real life) the first thing they'll probably do is emphasize a brute force attempt using facts and names from your real life or just emphasizing real words (as there are less real words then random collections of letters). Lots of people do it and these tend to be the people you hear about getting their identity stolen, their network hijacked to help in a denial of service attack and so on.
A lot of what I'm going to be talking about is going to involve assigning the IP address of individual computers. Normally this is handled dynamically by either your router or your IP service, this wouldn't be bad except we need that address. Further to my knowledge there is no way to dynamically allocate a computer's address for port forwarding. This is because every time you turn on a computer it can get a new IP address from the router based on what IP addresses are already in use. This of course is a huge headache but it's got an easy solution, all we have to do manually allocate an address to the computer. Here's the good news, you only have to do this if you're going to be forwarding ports to a computer (more on ports later).
Here's how you implement a static IP for Windows XP
1. Open Windows Start menu.
2. Select Run. Type: command and click OK. (see picture)
3. At the blinking cursor, type: ipconfig /all and press Enter.
4. Look for these entries near the end of the list:- Dhcp Enabled. No means your IP address is static. Yes means it is dynamic.
- IP Address. This is your current IP address.
5. Write down your Router(Gateway) IP, your Subnet Mask and IP address of your DNS server (I circled the area)
6. To exit, at the blinking cursor, type: exit and press Enter. Before you do make sure you wrote down the Router (Gateway) IP address,the Subnet Mask and IP addresses of your DNS server do not try and commit it to memory.
It should look like the picture to the right
Now to actually assign a static IP to your computer, follow these steps
1. Open Windows Start menu.
2. Open Control Panel.
3. Classic view: Open Network Connections
Category view: Select Network and Internet Connections, and then Network Connections.
4. Double-click on your active LAN or Internet connection.
5. Click Properties.
you should end up with a window like the one on the right
6.Double check that Internet Protocol (TCP/IP) is checked (circled in red)
7.In the General tab, highlight the Internet Protocol (TCP/IP) item, and click Properties. (it's circled in red)
this will open a new pane, that should look like the picture on the right.
8. Click "Use the following IP address"
9. Now type in the Subnet and Gateway addresses you copied earlier (as I understand it you can not change this so I would not try)
10. Enter the IP you want for the computer, my recommendation is to keep everything the same but the last part and use '.001' or '.100' or something similar. Why? Because you are going to need this IP address and do you really feel like looking it up everything time to remember if it was 148, 841 or 481?
11. Click "Use the following DNS Server Addresses"
12. Copy in what you wrote down earlier from ipconfig
Almost done! So we are done with all those windows, just keep clicking "okay/enter" till they are all gone. After that you must restart your computer for the changes to take effect. Do so and after you have done so, verify that your IP change works first by accessing ipconfig (using the above steps) and then try and log onto the internet. Everything should be working fine.
So remember way up at the top how I mentioned how modern routers function as a firewall and how great that is? Well it's also a pain in the ass because we have to instruct the router how to handle requests and where to send specific connections and data. This is where ports come in. This is going to be confusing and I may end the diary with this as I do not want to overload people with ideas and information. The router functions as a 'face' or gateway (I have also heard it compared to a house). You have an 'outward 'face' and an inward 'face'. Outward meaning to the internet and inward your home network. What we need to do is be able to tell request A to go to computer 2 and the only way to handle that is with ports.
Put another way, ports are small holes you open up in your firewall, like doors or gateways that allow information though. Without these holes the requests would be repelled by our fire wall like how a wall can repell invaders.
I really did want to get to headless machines but I fear I am losing people, so for now I will end this here. I will set up a poll and if this is not confusing too many people I will edit this diary later this evening to include headless machines.