Budget storage server - Page 3

Kei · #21 03-10-14, 12:20 AM

Installed plex and hoping to configure it so that I can use it to stream old recordings lifted off my humax pvr. It works perfectly to my panasonic plasma but not got it to talk with vlc via upnp yet. (a non issue really as i can play the files direct via the shared storage) Still need to get the FTP server side of things running though.

6 disks finally migrated and fully initialized. Performance is pretty good. Intel expander should be here soon, though I have no need for it yet as I don't have enough disks to require it.

Kei · #22 03-10-14, 08:55 PM

Tested out FTP today and that works perfectly too, uploading to it at ~8-10mb/s and downloading from at ~2-3mb/s. Need to tinker with the settings a bit to make sure it is secure.

Intel SAS expander arrived today. May well look into fitting it over the weekend.

Kei · #23 05-10-14, 06:42 PM

The intel sas expander is now fitted and working perfectly. I was expecting to have to rebuild the array from scratch but the controller picked up the virtual drive as if nothing had changed and is working exactly as before. A minor headache came when I tried to fit the card as it requires a pcie 4x sized slot and my gigabyte board only has two 16x slots and three 1x slots. I've had to use the vertical mount on the case for it until I can come up with something suitable to help neaten the cabling back out. (considering a 1x to 16x riser card for low profile cards) I also crimped the connectors for the 38mm NMB-MAT fan to aid cooling as I had to loose the side panel fan to fit the expander.

Kei · #24 17-10-14, 12:08 AM

Added the third breakout cable and adjusted the fan power connections so that they are a tad quieter. Also installed the proper nvidia drivers which has finally cured the fan on the quadro running at full tilt all the time. It's finally reasonably quiet now. Got 7 disks connected giving me 12TB, still got room for another 5. (I've put some spares in for now to simulate a full case so i can monitor temperatures)

Kei · #25 09-11-14, 12:26 AM

A full network rebuild has been performed as my old tp link 1043nd router has been requiring a prod every couple of days as it would just freeze up and stop the network. I decided that i was up for a challenge and went with a cisco 1921 ISR, an hp 1910-8G managed switch and a D-link DAP-2695 wireless access point. It took me about 4 hours to configure the router sufficiently that i could access the internet. I've spent a further hour this evening configuring the dhcp pools so that some of the main addresses are bound to the hardware ids. I still need to work out how to configure NAT/PAT for port forwarding so that most software will work as cisco IOS based devices lack upnp and NAT-PMP so the ports cannot be opened via the software itself.

YouWhat · #26 09-11-14, 02:38 AM

Quote:

Originally Posted by Kei

A full network rebuild has been performed as my old tp link 1043nd router has been requiring a prod every couple of days as it would just freeze up and stop the network. I decided that i was up for a challenge and went with a cisco 1921 ISR, an hp 1910-8G managed switch and a D-link DAP-2695 wireless access point. It took me about 4 hours to configure the router sufficiently that i could access the internet. I've spent a further hour this evening configuring the dhcp pools so that some of the main addresses are bound to the hardware ids. I still need to work out how to configure NAT/PAT for port forwarding so that most software will work as cisco IOS based devices lack upnp and NAT-PMP so the ports cannot be opened via the software itself.

Think the Budget storage server went out the window a short while ago

Time to rename the thread The Not So Budget Storage Server (Now)

but I suppose it still could be more expensive if you tried to

Seriously though, that all looks great what you have done, and I remember the headaches I used to have configuring the Cisco IOS stuff a few years back (manage to fix thing A thing and it creates problem on thing B, the damn things are too clever for their own good sometimes!! so you have my sympathies on that.

Kei · #27 13-11-14, 11:29 PM

Well to be fair, I've got most of this equipment fairly cheaply or free, which follows the idea of it being budget. My idea of cheap may differ from others though.

The cisco router is behaving well for the most part. I certainly get better performance from it vs the tp link. Very pleased there. (used to get low-mid 74 down and high 17- low 18 up, ping is about the same)

Config wise, it's taken a while to get the access list to behave itself but i seem to have gotten port forwarding to behave itself. I got FTP and SSH to my linux server to work after some headaches. I just need to add some more ports for teamspeak and steam games so multiplayer works and i think it'll be sorted. I'm not sure if I've covered all bases on the deny list but I'm hopeful that it's close.

Code:

!
! Last configuration change at 12:44:44 UTC Tue Nov 11 2014
version 15.2
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco-1921
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
enable secret 5.
enable password 7 
!
no aaa new-model
!
ip cef
!
!
!!!!!!DHCP server config
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.50 192.168.0.51
!
ip dhcp pool main_dhcp_pool
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 194.72.0.114 213.120.234.46 8.8.8.8
!
ip dhcp pool Kei-PC
 host 192.168.0.2 255.255.255.0
 client-identifier 01bc.ee7b.98e8.1e
 client-name Kei-PC
!
ip dhcp pool Humax
 host 192.168.0.4 255.255.255.0
 client-identifier 01dc.d321.8169.a2
 client-name Humax
!
ip dhcp pool Kei-NAS
 host 192.168.0.3 255.255.255.0
 hardware-address 0024.1d7d.1ef9
 client-name Kei-NAS
!
ip dhcp pool Server
 host 192.168.0.100 255.255.255.0
 hardware-address 0024.1d7d.1f09
!
!
!
ip domain name WesNet
ip name-server 8.8.8.8
ip name-server 194.72.0.114
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1810C0V2
!
!!!!!Archive every 7 days or on writing config
archive
 path ftp:/xxx/Cisco-1921
 write-memory
 time-period 10080
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
!
!!!!!! Note that Ge0/0 has no IP address
interface GigabitEthernet0/0
 no ip address
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
!
!!!!!! This is the LAN side
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no mop enabled
!
!!!!!! The ISP's given IP address will be configured via d1
interface Dialer1
 ip address negotiated
 ip access-group 101 in
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname [email protected]
 ppp chap password 7 1415060303092F23312A1337361115190205545856571A0D0C15
 ppp pap sent-username [email protected] password 7 0111120C54060307344E6E0B0D07051D0A08062B252066303A2F
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
!!!!!! This is the dynamic PAT between Dialer1 (WAN) interface IP address 
!!!!!! and local IP addresses within ACL 1
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.3 20 interface Dialer1 20
ip nat inside source static tcp 192.168.0.3 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.3 22 interface Dialer1 22
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.255.0 GigabitEthernet0/1
!
access-list 1 remark INTERNET-ACCESS
access-list 1 permit 192.168.0.0 0.0.0.255
!
access-list 101 remark DENY FAKE IPs
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 255.0.0.0 0.255.255.255 any
access-list 101 deny   ip 248.0.0.0 7.255.255.255 any
access-list 101 deny   ip 224.0.0.0 7.255.255.255 any
!
access-list 101 remark DENY SPOOFING IPs
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip host 255.255.255.255 any
!
access-list 101 remark DENY VULNERABLE PORTS
access-list 101 deny tcp any any range 135 139 log-input
access-list 101 deny udp any any range 135 139 log-input
access-list 101 deny tcp any any eq 2000 log-input
access-list 101 deny tcp any any eq 2001 log-input
access-list 101 deny tcp any any eq 6000 log-input
access-list 101 deny tcp any any eq 6001 log-input
access-list 101 deny tcp any any range 5900 5910 log-input
access-list 101 deny tcp any any range 5800 5810 log-input
access-list 101 deny tcp any any eq finger log-input
!
access-list 101 remark DENY TRACEROUTE OUTSIDE
access-list 101 deny udp any any range 33400 34400 log-input
!
access-list 101 remark ALLOW ACCESS FOR SERVER FTP & SSH
access-list 101 permit tcp any any eq 20
access-list 101 permit tcp any any eq 21
access-list 101 permit tcp any any eq 22
!
access-list 101 permit udp any any eq ntp
!
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 deny icmp any any
access-list 101 permit tcp any any established
access-list 101 permit udp any any
!
!
!
!
snmp-server community WesNet RO
snmp-server enable traps entity-sensor threshold
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

This is the output from show ip nat translation. (public ip has been changed from actual)

Code:

Cisco-1921>show ip nat translation
Pro Inside global         Inside local          Outside local         Outside global
tcp 78.53.134.234:49996  192.168.0.2:49996     173.194.78.189:443    173.194.78.189:443
tcp 78.53.134.234:50079  192.168.0.2:50079     64.233.167.188:443    64.233.167.188:443
tcp 78.53.134.234:50254  192.168.0.2:50254     74.125.230.229:443    74.125.230.229:443
tcp 78.53.134.234:50283  192.168.0.2:50283     173.194.78.101:443    173.194.78.101:443
tcp 78.53.134.234:50284  192.168.0.2:50284     74.125.230.149:443    74.125.230.149:443
tcp 78.53.134.234:50285  192.168.0.2:50285     74.125.230.143:443    74.125.230.143:443
tcp 78.53.134.234:50385  192.168.0.2:50385     74.125.230.154:443    74.125.230.154:443
tcp 78.53.134.234:20     192.168.0.3:20        ---                   ---
tcp 78.53.134.234:21     192.168.0.3:21        ---                   ---
tcp 78.53.134.234:22     192.168.0.3:22        ---                   ---
tcp 78.53.134.234:42240  192.168.0.3:42240     173.194.78.138:443    173.194.78.138:443
tcp 78.53.134.234:42241  192.168.0.3:42241     173.194.78.138:443    173.194.78.138:443
tcp 78.53.134.234:42910  192.168.0.3:42910     74.125.206.188:5228   74.125.206.188:5228
tcp 78.53.134.234:47758  192.168.0.3:47758     173.194.78.84:443     173.194.78.84:443
tcp 78.53.134.234:54760  192.168.0.15:54760    157.56.124.47:443     157.56.124.47:443
tcp 78.53.134.234:54770  192.168.0.15:54770    157.55.236.49:443     157.55.236.49:443
tcp 78.53.134.234:54772  192.168.0.15:54772    157.56.124.130:443    157.56.124.130:443
tcp 78.53.134.234:54822  192.168.0.15:54822    74.125.230.246:443    74.125.230.246:443
tcp 78.53.134.234:54823  192.168.0.15:54823    74.125.230.247:443    74.125.230.247:443
tcp 78.53.134.234:54825  192.168.0.15:54825    74.125.230.228:443    74.125.230.228:443
tcp 78.53.134.234:54835  192.168.0.15:54835    64.233.166.188:5228   64.233.166.188:5228
tcp 78.53.134.234:54995  192.168.0.15:54995    173.194.78.189:443    173.194.78.189:443
tcp 78.53.134.234:55004  192.168.0.15:55004    173.194.78.102:443    173.194.78.102:443
tcp 78.53.134.234:55039  192.168.0.15:55039    173.194.35.23:443     173.194.35.23:443
tcp 78.53.134.234:55040  192.168.0.15:55040    173.194.78.136:443    173.194.78.136:443
tcp 78.53.134.234:55041  192.168.0.15:55041    74.125.230.134:443    74.125.230.134:443

Dawelio · #28 12-12-14, 09:48 PM

Quote:

Originally Posted by Kei

I also got remote desktop via vnc to work too.

What monior is that to the right?, looking for a monitor like that, that isn't a full sized 24" widescreen (if that makes sense?

)?...

Mysterae · #29 13-12-14, 12:23 AM

Looking good Kei, interesting read. I liked the idea of using old hardware and re-purposing it, that while overspec'd for what it is, will do the job admirably.

I'm doing the same thing but not to the extent you are! I'll be using Windows 8.1 (so not a server in the true sense) but the use of a SATA III 8 port RAID card is tempting. One difference to your system is that mine'll be connected to the main tv as a media pc too.

It's been a while since you updated here, hows the system running?

camwallace · #30 06-03-15, 03:40 PM

I've been using 1&1 for my server outlet. It makes sense for me since I'm only accessing that stuff intermittently. They offer a very good service if you're interested.