By Kristian Kißling
A dynamic DNS service lets the user run a web server from a home computer without a static IP address. Dynamic DNS providers such as DynDNS.com [1], easyDNS [2], or ZoneEdit.com [3] won't even charge you for a static DNS name. If your Internet provider assigns new IP addresses to your router through DHCP, a special program - or even the router itself - will pass the new IP address on to the dynamic DNS service provider, thus updating the DNS record for uninterrupted name resolution services.
Many users are wary of installing a private server because they're afraid of vulnerabilities. An attacker who manages to compromise your web server can access your private machine and possibly even endanger important data. However, if you install a web server as a virtual machine (Figure 1), the damage is limited. If an uninvited visitor runs amok on your server, you can easily restore the system to its previous state. VMware server, for instance, lets you take a snapshot of the current system state and restore it at any time. A virtual web server also offers greater convenience and mobility. If you burn your data onto a DVD or a memory stick, you can put your server in your pocket and load it into another virtual machine on other hardware.
A quick overview will serve to outline the steps for deploying a VMware virtual web server system. Start by installing a virtual server. In this article, I use the free VMware server, which does not need any major network configuration. On the server, install the operating system you will be using for the virtual server as a virtual machine. In our lab, I opted for servers on Ubuntu 7.10 and openSUSE 10.3. Of course, you can choose any other flavor of Linux - many roads lead to Rome.
On the virtualized Linux system, set up the services you want to offer on the Internet. In this article, I focus on deploying an Apache web server, but the process is similar for other Internet services. If your network uses a private address space behind a firewall/router device, the server will only be accessible from the private network at first. As you will learn in this article, you can make the web server accessible from the Internet by assigning it a static IP address on the local network and then configuring the router to forward incoming port 80 traffic to the virtual server's address. If your ISP assigns an Internet address to the router through DHCP, the address will change occasionally. The Ddclient tool will notify the dynamic DNS service provider when the address changes.
The free VMware server download of version 1.0.4 is available directly from the vendor's website [4]; however, this means installing manually. Ubuntu users can adopt a far easier approach. Launch Synaptic and add another external package source (deb http://archive.canonical.com/ubuntu gutsy partner); then, click to install the vmware-server package.
The serial number you will need is also at the download address [4]. Be warned: Before you are given a serial number, you'll need to answer a whole bunch of questions. After completing the installation, access the server's GUI by pressing Alt+F2 on openSUSE 10.3 and Ubuntu 7.10 and then typing vmware. This takes you to the interface shown in Figure 2.
The next step is to install an ISO image that you download from the web. As an alternative, you can use the host system's disc drive as an installation source if you have the system on a CD or a DVD. Start by selecting File | New | Virtual Machine to set up a new, "empty" virtual machine. Then, select Next and Typical, opt for Linux as the system to install, and select an appropriate version in the drop-down menu.
In the next dialog, type a name for the virtual machine - I chose UbuntuServer and OpenSUSE10_3. Do not change the Location. Now move on to the network settings. If you select Use bridged networking, the server will be set up as a client on the local network. For test purposes, it is perfectly all right to set Disk Size to 5.0 GByte. Check the option Split disk into 2GB files if you want to copy the virtual machine onto external media. Older file systems, such as Ext2 and FAT32, have problems with large files. The server will clean up the required space on the host system if you click Finish. The virtual machine is like a computer with an empty hard disk - time to invite guests.
To assign some of the host system's resources to the virtual machine, click Edit virtual machine settings. Below CDROM 1, click on Use ISO image to use an ISO image as your installation resource. Click Browse to open a file manager and search your disk for the ISO file (Figure 3). If you prefer to use the standard installation medium, keep the default. Click Memory to extend the virtual machine's RAM - you will have to decide how many megabytes of RAM the virtual machine is allowed to steal.
If the host system has multiple processors, you can specify how many of them the virtual server is allowed to use in the Processors menu. When you are done, click OK to complete the configuration and then reboot the virtual machine by clicking Power on this virtual machine. If you need to change the BIOS, quickly press the Esc key - otherwise the installation will be pretty much the same as on any physical machine. In the case of an Ubuntu server, you should choose Install to Disk as your boot option.
A number of HOWTOs on the Internet describe the installation of one distribution or another. Because VMware tricks the distribution into thinking that it is installing the guest machine with standard hardware, driver problems are very unlikely. It is a good idea to click Snapshot after completing the installation to save a copy of the current system. Later on, if necessary, you will be able to restore exactly this state, and you might also want to take another snapshot when your server is up and running and the configuration is complete.
| Reality Check |
|
Although a virtual web server offers many advantages, it definitely isn't a solution for every situation. One disadvantage is performance. Systems running on virtual machines are slightly slower than systems running on the hardware. If you're expecting a high volume of visitors because you run a game server or an enormous content management system, you should make sure your server has sufficient resources or else do without virtualization. Hardware support is also an issue with virtual machines: Your Webcam or MP3 player might not work as anticipated under VMware. The host system that houses the virtual server also needs a wired connection to your home router - virtual machines will not be able to use a WLAN connection on the host. Finally, virtual machines are not suitable for 3D applications; of course, this is not typically an issue for a server. If the virtual server is not an option for you, don't worry: The Apache web server works just fine with dynamic DNS service on the physical machine. |
If your host system is wired to a router that uses DHCP to assign IP addresses, the new virtual system will pick up an IP address from the DHCP server. When you type ping www.linux-magazine.com, 100 percent of the packets should reach their target.
If they don't, check to see whether the host machine can access the Internet, and make sure the computer is using a network cable rather than a WLAN connection.
On openSUSE, you can run YaST to re-initialize the network card - sudo /etc/init.d/networking restart does the same thing on Ubuntu. On both systems, the /sbin/ifconfig commands will tell you which IP address the computer is using. Make a note of the address because you will need it soon.
The next step is to install the Apache server. For Ubuntu users, sudo apt-get install apache2 will take care of this. The package manager picks the required packages off the Internet and configures the server with standard settings that should be fine initially. On openSUSE 10.3, launch YaST and install apache2 via the Software management module. Then start up a console, become root, and enter /etc/init.d/apache2 start.
To find out whether your server is already accessible on your internal network, exit VMware and, in your browser, enter the guest system's IP address. Although the host and guest operating systems are physically located on the same machine, they use different IP addresses and appear as two separate machines on the LAN. If you type the IP address in your browser's address box, Ubuntu should show you the available website (Figure 4). OpenSUSE 10.3 returns a page with Error 403, which proves that the server is running - it just doesn't have a web page to display in its /svr/www/htdocs directory.
If you are unable to access the server, the guest system might be protected by a firewall (e.g., this is the case on openSUSE), so go back to the guest system, select Security and Users | Firewall in YaST, and add HTTP Server to the list of Allowed services. This allows incoming connections to port 80.
Most home and small-office networks are protected with a router/firewall device that performs Network Address Translation (NAT). In this configuration, only the router actually participates in the Internet address space, and the computers on the local network receive private, non-routable addresses through DHCP. If you plan to set up your virtual web server on the internal network, you'll need to configure the router to forward incoming http requests to the web server system.
One easy solution is to make sure the router sends any requests for port 80 (the Apache server's standard port) to the address of the virtual server. If you want the router to forward incoming port 80 traffic to your virtual web server, you'll need to give the virtual server a static IP address on the internal network. Most routers let you configure static IP addresses for the hosts on local networks through a browser interface.
For instructions on accessing the configuration interface, see the manual for your router. Each router handles this differently, but the usual procedure is to type the router's internal IP address in the browser's address box. The configuration interface will let you set up the DHCP server to give the virtual machine a static IP address (see the box titled "Assigning a Static IP Address").
After assigning a static IP address, log on to the router interface. New routers make life very easy for users: The DI-624 by D-Link, for example, has a separate section, Virtual Server, in which you can simply enable port 80 for the virtual server with the internal IP address of the virtual web server. After rebooting the router, the virtual server should be accessible from the Internet.
To check this, enter the web server's address in your browser. Your Apache server's front page should appear. Every router works differently, and not all routers have a convenient interface, so you might need to read the router manual or go to a support forum to find out how to forward port 80 to your virtual server's IP address. Also, you will need to forward other ports for other services. For example, you will need to forward ports 20 and 21 to run an ftp server.
DynDNS.com [1], and the other providers I mentioned earlier, assign domain names to servers with dynamic IP addresses. To set up an account, you need a valid email address. After logging on at the website, select My Services and then Add New Hostname. Start by typing a hostname that other users will use to access your server - select the domain from the list. As the Service Type, select Host with IP address. In IP Address , click on the link that automatically discovers and enters your current IP address (Figure 5). A couple of minutes after you click Create Host, you should be able to access your server.
Of course, you can't visit the DynDNS website each time your provider gives you a new IP address. To remove the need to do so, simply install Ddclient, which takes care of this task for you.
If your virtual machine is running on Ubuntu, enter sudo apt-get install ddclient to install the software. The system will ask you to name your dynamic DNS provider during the installation (www.dyndns.com in this case), and then your complete Internet address (kris.dyndns.com), along with your user name and password for the DynDNS website. Finally, the software will ask you about the interface for the dynamic DNS service; specify your active Ethernet interface, say, eth0. By entering sudo /etc/init.d/ddclient start you can then call Ddclient and modify the details of the configuration via sudo dpkg-reconfigure ddclient.
If you run openSUSE, first launch YaST and install the ddclient package. Add the entries shown in Listing 1 to the /etc/ddclient.conf configuration file (you need to be root to modify it). The login, password lines are for your dynamic DNS service credentials, and the selected Internet address is down at the bottom. The other entries you can use as is. Launch the utility by becoming root and typing ddclient.
| Listing 1: Add to ddclient.conf |
01 daemon=600 02 pid=/var/run/ddclient.pid 03 use=web, web=checkip.dyndns.com/, web-skip='IP Address' 04 login=kkissling 05 password=my_secret_password 06 protocol=dyndns2 07 server=members.dyndns.com 08 wildcard=YES 09 kris.dyndns.com |
To see whether ddclient is doing a good job, type tail -f /var/log/messages at the console. If the log contains the word SUCCESS, you know that the tool is advertising the IP address correctly; if not, you will need to check the configuration file syntax.
The virtual web server is now a fixed component of your system, and it will launch whenever you boot the server. Just try this out to be sure: Boot the router and the virtual server and then access the web address you just set up. You should see your own virtual web server. As a web server operator, you can now offer a variety of web services. But remember, unless you take additional steps to configure a secure interface, the whole world will be able to access any resources you make available through the web server system.
| Assigning a Static IP |
|
The router identifies the guest system by reading the virtual network card's MAC address. To discover the MAC address, you can pop up a console on the guest system and type /sbin/ifconfig. Then, return to the router configuration interface and assign a static IP address to the virtual server's MAC address. Of course, the static address must be a legal address for the internal network segment. After making these changes, reboot the virtual machine. To see the IP address you assigned, type /sbin/ifconfig. Alternatively, you can use YaST (openSUSE) or the network settings in the Ubuntu system management tool to assign a static IP address. |
| INFO |
|
[1] DynDNS.com: https://www.dyndns.com
[2] EasyDNS: http://www.easydns.com [3] ZoneEdit.com: http://www.zoneedit.com [4] VMware server download: http://www.vmware.com/download/server/ |