About findus ...
'findus' is a tiny Unix server built
around a mini-ITX mainboard featuring an Intel
Core i3 CPU. It is
used as a file-, mail- and web-server exposed to the Internet. In addition, it
fulfils DHCP-, name- and printserver functions in its local intranet.
Interactive Unix sessions are possible via SSH or VNC.
findus' public IPv4 address is 80.151.56.128. The machine names
findus.zwergenschaenke.net and findus.homeunix.net direct to that IP.
The hardware of findus is chosen in a way to ensure a low power consumption
and a low noise and heat emission profile of the machine. Still,
the performance of the 2.8-GHz Core i3 CPU is more than sufficient for
our needs.
Hardware
Architecture: amd64 (aka. x86_64)
CPU: Intel Core i3-3220T (Ivy Bridge) @ 2.8 GHz, 2 cores, 2 hyperthreds per core.
RAM: 16 Gigabytes of DDR3-RAM
Storage (system): 500 GB S-ATA, Western Digital Scorpio Blue, spinning, 2.5'', UFS2
Storage (/home):1000 GB S-ATA, Western Digital Scorpio Blue, spinning, 2.5'', ZFS
Storage (/var): 1000 GB S-ATA, Western Digital Scorpio Blue, spinning, 2.5'', ZFS
Storage (Minecraft server): 240 GB S-ATA, SanDisk, SSD, 2.5'', UFS2
Storage (Backup): 3000 GB USB, Western Digital Caviar Green, spinning, 3.5'', UFS2
Network bandwith (LAN): 1000 Mbps full duplex
Network bandwith (WAN): VDSL, downlink 100 Mbps, uplink 40 Mbps
Power consumption: approx. 30 W
Operating System
'findus' runs the free Unix-like operating system
FreeBSD 13.0. Derived from the
original Berkley Software Distribution, FreeBSD is now widely
accepted as one of the best server operating systems ever made and is
used on some of the largest and busiest sites on the Internet.
Network Daemons
- SSH
(TCP port findus:22): SSH (secure shell) access, provided by the
OpenSSH server, is available both from the local network and from the
Internet. An SSH daemon is quite possibly the most useful network service
one can run on a Unix machine, providing secure interactive CLI sessions,
filesystem access, and encrypted TCP proxy server functionalities.
On findus, local and remote TCP port forwarding through SSH-secured
tunnels is allowed and ensures access to TCP servers not directly
accessible from the public Internet. X11 forwarding is allowed as well,
but disabled by default. SSH also allows filesystem access across the
Internet using Unix tools like sftp or scp.
Filesystem access from a remote Windows machine is possible using,
e.g., the free WinSCP software.
PuTTY
is a hugely popular tool for initiating interactive Unix sessions
from a Windows client PC.
- CFIS/SMB
(TCP/UDP port findus:445): findus runs the SAMBA-daemon, a free
implementation of the SMB (Server Message Block) protocol. Samba is configured
to be the Primary Domain Controller (PDC) for Microsoft Windows clients on the LAN. It used to govern the domain FINDUSNET used by the former Windows XP and Windows 7 terminal servers 'windus'. Since the latter have been discontinued, SAMBA is of not much use today, and may be disabled in the future as well.
The SAMBA server shares its user accounts with the underlying Unix user management of findus.
- HTTP and HTTPS
(TCP ports findus:80 and findus:443): findus is running the
Apache
webserver. Users can provide web content in a folder named 'WWW' in their
home directory.
Webpage files should be made readable by all users. The HTTP daemon is
accessible from both the local network and the global Internet.
- DHCP
(UDP port findus:67): findus provides a DHCP server for dynamic network
configuration of hosts on the local (W)LAN. Needless to say, DHCP
does not spread to the Internet.
- DNS
(UDP port findus:53): findus acts as a Domain Name Server resolving
hostnames on the local network. Other requests are forwarded to the DNS
of our ISP (telekom.de).
- SMTP
(TCP ports findus:25 and findus:587): findus' Mail Transfer Agent (MTA) is
Postfix, a commonly used drop-in replacement for the venerable SMTP server Sendmail.
- IMAP and IMAPS
(TCP ports findus:143 and findus:993): Email can be fetched using the IMAP
protocol. The IMAP server (Dovecot) accepts unencrypted sessions from the localhost only. MUAs on other sites have to connect using SSL.
- IPP
(TCP port findus:631): findus runs the print server CUPS
(Common Unix Printing System)
to manage printers on the local network. Presently an HP
Laserjet 1320 monochrome laser and an HP Deskjet 5550 colour inkjet printer
are installed. Findus' CUPS shares its printers with other (Linux) CUPS servers on the LAN.
Non Unix clients on the LAN may send print jobs via IPP schedulers as provided
by windus' Windows 7 operating system. Connections from the Internet are of
course rejected.
- SANED
(TCP/UDP port findus:6656): The SANE (Scanner Access Now Easy) daemon allows Linux clients on the LAN to use a Canon CanoScan LiDe 210 DIN-A4 flatbed scanner connected to findus. Access from the Windows 7 terminal server is possible using the SaneTwain software by Herman Kuiper.
- MINECRAFT
(TCP port findus:25565): A Minecraft server is active on the standard port 25565. Actually the used software is the community-made "Spigot" (former Bukkit) variant of the official game server component provided by Microsoft/Majong. It runs inside a Linux (Debian) Virtual Machine providing a certified Oracle JAVA 17 runtime environment (there had been problems using the FreeBSD OpenJDK 8 Port in the past). An rc.d wrapper-script allows the dedicated Minecraft (Linux)server to be managed like a usual FreeBSD daemon.
- NTP
(UPD port findus:123): findus runs an NTP server that provides an absolute clock by synchronisation to higher-level time-servers on the Internet. Most clients on the LAN synchronise against findus.
- CalDAV
(TCP port findus:80 and findus:443): findus runs the Radicale CalDAV server. It hosts our family online calendars and thus saves us from hosting such private data on foreign servers. Radicale is proxied by Apache and accessible Internet-wide.
May 2022.
