
How to Build a Computer Network

If you own or manage two or more computers, you need to connect them in a wired network to share an Internet connection and other services.
Here is a complete guide on how to build a network.

Whether you are doing it at home or at your workplace, creating a computer network is not very difficult if you are a handy person and you have basic knowledge of computer networks. We will cover here most of the concepts you need to make your own LAN.
The series of articles will show you how to create a physical network and how to configure it to provide various services to your network users. We will focus on TCP/IP networks as this is the most common networking protocol.

Why Do You Need a Network?

You need a network if you need to share services for two or more computers.
Services that can be shared include: File sharing, sharing a network printer, Internet sharing, email services, Intranet, media broadcasting, etc…
In a home network, it is very common to share a printer and the Internet Connection.
In a business environment, the network becomes more complex and many more services are needed to accommodate the use of many computers in a single network. Such services are DHCP – for automatic IP configuration, DNS – for name to IP resolution, corporate email, Proxy Server – for increased security on the Internet, Intranet server – this is a private web server, VOIP phone system, etc…

What are the Limitations of My Network

Your Ethernet cables are limited to 100m between any two active devices. If you need more than 100m between any two active devices, such as computer and switch or computer to computer, you need to add a repeater or a hub (a switch will work as well) at each additional 100 meters (or 333 ft.).
Depending on your materials and equipment, your network can run at 10Mb/s, 100Mb/s or 1Gigabit/s.
The most usual choice is to use Cat 5 or Cat 5e cables and connectors. A Cat 5 network can provide a speed up to 1000Mb/s.
If you need to connect at longer distances, the more suitable solutions are:
  • Coaxial cable – up to 500m, speed 10Mb. You need special repeaters or hubs or special network cards.
  • Fiber optic – 10Km or more, speed up to 100Gb, depending on the equipment. It is the most expensive solution; the price, though, can be affordable for slower connections. For slower connections, most of the cost will consist of running the cable between the two points.
  • DSL – the cheap way to connect two remote offices if you have an available copper pair between the two offices.

What Do I Need to Make My own Network?

To make your own Ethernet Network you need the following equipment:
UTP/STP networking cable, RJ-45 connectors, Crimping tool, Punch down tool, Keystone Jacks, Wire stripper / Knife, Network Tester, Patch Panel, Network Switching device. The list includes also a stud finder, drywall saw, measuring tape, mounting plate, fish tape, ladder, and the usual tools such as screwdriver, drilling machine, hammer, etc…
Ample descriptions on the tools and materials are provided by following the links.

Computer Network Planning

The typical Ethernet Network has a star topology. That means that you have a central device, (network switch), that connects all of your network participants. This is important for your planning since you will have to run all of your cables to a central point. Make your measurements and place your central point in such manner that all of your cables are 100m or less. This includes the patch-cord as well.
If you have computers farther than 100m you will need to install a repeater. Alternatively you can use other types of connection, (coax, fiber optic, etc…), see the limitation paragraph.
When you run a cable consider the maximum amount of devices that can be stuffed into that office. It is a lot cheaper to run an extra cable or two per each office location than to run a single cable after the initial installation.
Install the keystones as close as possible to the actual location of the computer. Plan this thoroughly and pick the best location so that the patch-cord is out of the way.
Buy extra cable and extra connectors.
Use common paths for your cables whenever possible. Running ten cables at once saves a lot of work and time.
Plan your cable route. Use the ceiling whenever possible; it is the easiest path. Avoid running the cables near big electromagnetic sources.

Buying Computer Network Tools and Supplies

Do not buy cheap tools and materials. If you do, you will be penalized in different ways:
At installation time you will get all sorts of problems trying to connect poor materials: cheap cable is damaged more easily when manipulated, and connectors break more easily.
In time the quality of the network will decrease if poor supplies and tools are used.
Overall experience and quality will be very poor if you get too cheap. If buying expensive tools is not justified, (a one time job), try to borrow good tools and don’t buy cheap ones.
Follow the links to learn what to look for when you are buying specific materials.
Now that you planned and bought all the Networking tools and supplies you can proceed to the Running the Cables for a Computer Network.

Internet Business – How to choose your First Web Hosting Company

The Internet Business is a business model that can be started with a minimum of investment. Your work, talent and favourable circumstances can be enough to help you start an Internet business.

If you already have an idea and you planned everything about your product and site’s content you need to start your business. At first you need to minimize the costs and investments in order to diminish risks. If the business will not take off as expected the loss will be minimal and you can try another idea. Read this article about successful business ideas.

The minimum for an Internet business is a domain name, (this is not 100% required but strongly recommended) and a Web Server. A web server can be your own equipment or hosted server. Hosting companies will sell various types of hosting services ranging from a dedicated server with one or more dedicated IP addresses to shared hardware.

A good web hosting package will contain support for application development platforms such as PHP, ASP, ColdFusion, etc… access to a database server and a Control Panel that offers to customers an easy way to manage their website.

As a starter the minimal package will be perfect for you, you can always switch to a dedicated server if shared services can’t accommodate your growing traffic.

When you choose your first web hosting, look for these features even if you don’t think you are going to need them; as your business grows you will certainly need them.

  • Disk space – this should not be a problem, as most of the companies will give you plenty of space or even unlimited space.
  • Technical support – you need good technical support that you can rely on if something happens. 24/7 support is desired so you don’t have to wait the next day to fix your website.
  • Email support, auto-responders, mail forwarding will be great marketing tools.
  • FTP is a definite requirement, an SSH connection could be needed, and a Control Panel is an excellent tool for administration; you should choose a package that provides it.
  • Multiple domains and sub-domains will help you pay for a minimal single package while testing various domain names.
  • Up-time is a measure of reliability of a web site. 99.5% or more is a good up-time.
  • Web-site speed – can be determined by a series of factors of which the important ones when picking your hosting company are: the Internet Connection Speed of your host, the number of customers that share a server, the resources taken by the other customers that share the server with your web-site, the capability to partition hardware so that CPU and IO are equally shared between customers, (some companies use a CPU throttling mechanism).
  • Support to database, PHP, ASP or ColdFusion and Perl.
  • Price is very important, at least at this stage, but don’t go for the cheapest just because of the price. All the previous aspects are more important.
  • Try to go local, the language barrier, the time-zone sometimes make a difference. Also it will be faster for your clients to access a local provider than a server located on another continent.

It is important that you focus more on the content of the website and running the business and not on developing the website and learning PHP or ASP. That’s why you have to look for a Control Panel that contains the ability to install a CMS, (Content Management System), such as Drupal or Joomla or even WordPress.

Following is a list with some of the most popular Web Hosting providers:

HOSTMONSTER – The best Web Hosting
Host Gator
Blue Host – Best Web Hosting Plan! 300 GB Space, 3,000 GB Bandwidth – only $6.95/mo!
Go Daddy – $1.99 Web Hosting
Host your Web site with FatCow!
InMotion Affordable Hosting – More Info
Intuit Build and host your website for only $4.99 per month. Start your FREE 30 Day Trial Now
IX Webhosting Top Ranked MS SQL, MySQL, PostGreSQL WebHosting – Linux/Windows
Just Host hosting for $4.95/mo, Unlimited disk space and bandwidth plus FREE domain
Save 20% on Web.com web creation/web hosting products using code TWC287
Business VPS – Virtual Server Hosting from Myhosting.com
iPower Dedicated Servers
1&1 Internet Ltd – UK
iPage – $83 Plan for only $3.50 a month – Click Here for More Details!
Get everything you need for a great web site with Yahoo! Web Hosting – 25% off
Aplus.Net – Special offer: Business hosting from $4.98!
Lunarpages.com – Get a website from $4.95/month + Unlimited Emails, Storage & $700 Free Bonus Software – Limited Time Offer!


How to Install Squid with Active Directory Authentication on Debian

Squid is caching proxy software licensed under the GNU GPL (free software).
It can help your organization reduce bandwidth and improve response times by caching and reusing frequently requested web pages.
Squid has extensive access controls and, if you don’t mind the command line interface, it is not too hard to configure. It runs on most available operating systems, including Windows.
The following article is a step by step HOW TO Install Squid on Debian. Most of the steps are easily applicable to any other Linux distribution such as: RedHat, Suse, Ubuntu, etc…

Hardware requirements

Choose the machine wisely – if you are running a 50-computer network, a PIII should be enough provided that all you do is Web caching and filtering.
Memory is the most important factor, followed by disk speed. If you plan your proxy for a bigger network, you should consider using SCSI or SAS drives and a faster CPU.
Memory requirements are explained later in the document.

Package Installation

Install Debian minimal. The install CD (only 650Mb) should be enough for this.
Reboot after installing and add packages with Aptitude (graphical interface) or "apt-get install program".
Add the following packages:
  • Openldap
  • Samba
  • Kerberos: apt-get install krb5-{admin-server,kdc}
  • PAM: apt-get install libpam0g-dev
  • Squid
  • Apache, if you want proxy Auto-Configuration: apt-get install apache2
  • Dansguardian, if you need advanced WEB filtering
  • SARG, if you want a log analyzer for your WEB access/filter

– – – – – – – – – – – – – – – – – – – – – –

Configure Samba

Samba is going to be used for authentication.
Note that if you run squid in transparent mode the authentication will not work.

#nano -w /etc/samba/smb.conf

Add or remove daemons to autostart
#update-rc.d  winbind defaults
#update-rc.d  samba defaults

– – – – – – – – – – – – – – – – – – – – – –
[global]
netbios name = proxy
realm = SUBDOMAIN.DOMAIN.ROOT
workgroup = SUBDOMAIN
security = ADS
password server = server1.subdomain.domain.root server2.subdomain.domain.root
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-20000
domain master = no
local master = no
preferred master = no
winbind enum groups = yes
winbind enum users = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind use default domain = Yes
encrypt passwords = yes
log level = 5 passdb:5 auth:10 winbind:5
server string = proxy
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
encrypt passwords = true
load printers = no

– – – – – – – – – – – – – – – – – – – – – –
Do not add other parameters to the configuration file as they are not needed.
You can always tweak your configuration file later on if you need additional tweaking. If you do need further modifications do one at a time and test it extensively before release to production.
After editing smb.conf run the following command
# testparm
This will check your samba configuration file for errors.
If there are no errors restart samba:
proxy:~# /etc/init.d/samba restart
proxy:~# /etc/init.d/winbind start
– – – – – – – – – – – – – – – – – – – – – –
Add the server to the domain
#net ads join "Ottawa Computers/Servers" -U Administrator -S server1.sub-domain.domain.edu
If you have Windows 7 clients you might get this in your /var/log/samba/log.wb: "NTLM CRAP authentication for user returned NT_STATUS_INVALID_PARAM"
If you get it, follow the instructions below to tell Windows to use NTLM version 1. Note that this is a security downgrade and it opens the door for an SMB man-in-the-middle attack. Assess the risks and the advantages before you make the change.

On the Windows 7 machine, run the local Group Policy editor (gpedit.msc) and look for:
Local Policies > Security Options > Network security: LAN Manager authentication level
Change from "Not Defined" to "Send LM & NTLM – use NTLMv2 session security if negotiated"
– – – – – – – – – – – – – – – – – – – – – –

Configure Squid

Make a backup copy of the default configuration file:
# cp /etc/squid/squid.conf /etc/squid/squid.conf.original
Edit the file squid.conf:
#nano -w /etc/squid/squid.conf
Replace everything in the file with the below text:

– – – – – – – – – – – – – – – – – – – – – –

# Proxy configuration - /etc/squid/squid.conf

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#Default ACLs
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

#Declare your local network and any additional subnets
acl localnet src 192.168.100.0/24                # RFC1918 possible internal network
#acl remotesite src 192.168.200.0/24

#You may want some of the users to be excluded from the logging.
###acl bosses src 192.168.100.255/30
###log_access deny bosses

#Tell Squid to not log google.ca
#Define the acl for google using regex
acl google url_regex ^http://www.google.ca
#Deny logging the acl
log_access deny google

#Define allowed ports
acl SSL_ports port 443                    # https
acl SSL_ports port 563                    # snews
acl SSL_ports port 873                    # rsync
acl Safe_ports port 80                    # http
acl Safe_ports port 21                    # ftp
acl Safe_ports port 443                  # https
acl Safe_ports port 70                    # gopher
acl Safe_ports port 210                  # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280                  # http-mgmt
acl Safe_ports port 488                  # gss-http
acl Safe_ports port 591                  # filemaker
acl Safe_ports port 777                  # multiling http
acl Safe_ports port 631                  # cups
acl Safe_ports port 873                  # rsync
acl Safe_ports port 901                  # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

#http_access lines are checked top to bottom and the first match wins,
#so the deny rules have to come before any allow rule.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# AUTHENTICATION
# -----------------------------------------------------------------------------
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 2 hours
acl authenticated_users proxy_auth REQUIRED
http_access allow authenticated_users

# ACCESS CONTROLS (continued)
# -----------------------------------------------------------------------------
#Allow the access for your localnet.
http_access allow localnet
#http_access allow remotesite
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 3128

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
#The memory used for caching frequently used files. The more you have, the faster it works (no disk access).
cache_mem 256 MB
#Objects bigger than this should be stored on the hard-drive. This can be lower than 8kb if your server has little memory.
maximum_object_size_in_memory 8 KB

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
#Make sure you have enough space. And mount this on a fast disk or a raid0.
##cache_dir ufs /var/squid/cache 1000 16 256
cache_dir diskd /var/squid/cache 500 16 256

#This is extremely useful if your users download big files. You can even increase this depending on usage.
maximum_object_size 40960 KB

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#This logging format includes the date, the address requested, the IP address of the requestor and the AD user who made the request.
#Human resources need to know what your users browse during the workday.
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#Where to store all of this data.
access_log /var/log/squid/access.log squid

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr admin@mycompany.net
mail_from squid@mycompany.net
visible_hostname proxy

# DNS OPTIONS
# -----------------------------------------------------------------------------
##You have the option to use the ISP’s DNS here
# dns_nameservers 10.0.0.1 192.168.0.254
hosts_file /etc/hosts
uri_whitespace allow
http_access deny all

#### --- End of the configuration file --- ####

– – – – – – – – – – – – – – – – – – – – – –
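
Squid checks http_access lines top to bottom and stops at the first match, so an allow rule placed above the Safe_ports and CONNECT deny rules makes those denies unreachable for the clients it matches. The following is an added example, not part of the original article or of Squid: a simplified Python model of that evaluation using the ACL names from the configuration above, comparing an allow-first order with a deny-first order. The sample requests are constructed and the manager ACL is left out.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
from ipaddress import ip_address, ip_network

SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777, 631, 873, 901}
SSL_PORTS = {443, 563, 873}
LOCALNET = ip_network("192.168.100.0/24")

# Each ACL is a predicate over a request dict (names follow the squid.conf on this page).
ACLS = {
    "all": lambda r: True,
    "localnet": lambda r: ip_address(r["src"]) in LOCALNET,
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "purge": lambda r: r["method"] == "PURGE",
    "authenticated_users": lambda r: r["user"] is not None,
}

DENIES = ["allow purge localhost", "deny purge",
          "deny !Safe_ports", "deny CONNECT !SSL_ports"]
ALLOWS = ["allow authenticated_users", "allow localnet", "allow localhost"]
ALLOW_FIRST = ALLOWS[:2] + DENIES + ALLOWS[1:] + ["deny all"]  # allows ahead of the denies
DENY_FIRST = DENIES + ALLOWS + ["deny all"]                    # denies ahead of the allows


def evaluate(rules, req):
    """Return 'allow', 'deny' or 'challenge' for one request."""
    for line in rules:
        action, *names = line.split()
        for name in names:
            negated, acl = name.startswith("!"), name.lstrip("!")
            if acl == "authenticated_users" and req["user"] is None:
                return "challenge"  # Squid answers 407 and asks for credentials
            if ACLS[acl](req) == negated:
                break               # one ACL on the line failed: the rule does not match
        else:
            return action           # every ACL on the line matched: first match wins
    return "deny"                   # not reached here: both lists end in "deny all"


def _req(port, method, user):
    return {"src": "192.168.100.20", "port": port, "method": method, "user": user}


# Constructed sample requests from a localnet client.
REQUESTS = {
    "GET 80, authenticated": _req(80, "GET", "jdoe"),
    "GET 80, no credentials": _req(80, "GET", None),
    "CONNECT 25, authenticated": _req(25, "CONNECT", "jdoe"),
    "CONNECT 8443, authenticated": _req(8443, "CONNECT", "jdoe"),
    "PURGE 80, authenticated": _req(80, "PURGE", "jdoe"),
}


def compare():
    """Map each sample request to (allow-first verdict, deny-first verdict)."""
    return {k: (evaluate(ALLOW_FIRST, r), evaluate(DENY_FIRST, r))
            for k, r in REQUESTS.items()}


if __name__ == "__main__":
    for label, (first, second) in compare().items():
        print(f"{label:30} allow-first={first:10} deny-first={second}")
```
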

Run the command squid -z to let squid create the necessary directories.
#squid -z
Add the squid daemon to auto-startup, on a Debian machine the command is: 
#update-rc.d  squid defaults
Start squid
#/etc/init.d/squid start

Suggestion:
Test squid without authentication first. If this works go to the next step.
To test without authentication, comment all of the parameters in the Authentication section by adding the “#” sign at the beginning of line and restart squid.

Add or remove daemons to autostart
cd /etc/init.d/
update-rc.d  winbind defaults
update-rc.d -f apache2 remove

Tweaking performance on SQUID

A few settings that can dramatically improve the performance of your proxy:

cache_dir ufs /var/spool/squid 1000 50 256
This is the default Squid storage type configuration.
Change the storage type from ufs to aufs if using Linux or a variant.
Change the storage type from ufs to diskd if using BSD or a variant.
If you use Windows, it is probably for testing purposes, or because you don’t have a machine. Once the testing is done, change to Linux or BSD.
The numeric parameters are:
First parameter is the amount of disk space in Mbytes to be used by Squid. The more you use the more physical memory (RAM) you need for indexes in order to be effective.
The rule is that you need
If you want to use the whole drive’s (partition’s) space, make sure you subtract 20% and use that value. In other words, you can only use 80% of the drive.
The second and third parameters are the number of first and second level subdirectories that are created.

cache_mem 64 MB
The more memory you have the better it performs. Local, (cached), objects are much faster to retrieve than external ones.
The more local objects you can store the faster Squid responds.
Squid uses cache for many things other than memory cache, so make sure you have enough memory left when you configure cache_mem.

Memory cache is faster than disk cache, but it is lost more easily, and you can get a bigger total cache by spending the RAM on indexes.

maximum_object_size 20480 KB
Today’s Internet usage has a lot of traffic in the 2MB to 200MB range. This traffic is comprised of multimedia objects, update files, etc.
You need to investigate your traffic and see what is a good number for you.

maximum_object_size_in_memory 64 KB
If you have little memory keep the default 8 KB. It is better to serve many small pages quickly from memory than to speed up a few large, slow ones.

Check that your proxy works and that it is logging access properly.
On your proxy machine run the following command to see realtime access on the proxy:
tail -f /var/log/squid/access.log
On a client computer open the browser of your choice and change the Networking options so that the browser uses the newly installed proxy.
Start to browse and look on the proxy’s console to see your activity logged.
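
Once authentication is enabled, the same log can confirm that it is enforced. The following is an added example, not part of the original article: a Python parser for the custom logformat defined in squid.conf above that totals bytes per AD user and lists requests that were served without a user name. The sample lines are constructed, and it assumes the default %tl layout (date and UTC offset as two tokens) and that uri_whitespace allow can leave spaces inside the logged URL.

```python
# Parser for the logformat on this page (added example):
#   %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
from collections import defaultdict

# Constructed sample lines in that format (addresses and users are made up).
SAMPLE_LOG = """\
12/Mar/2012:09:15:02 -0400    153 192.168.100.20 TCP_MISS/200 5120 GET http://www.example.com/ jdoe DIRECT/192.0.2.10 text/html
12/Mar/2012:09:15:03 -0400      2 192.168.100.21 TCP_DENIED/407 1790 GET http://www.example.com/ - NONE/- text/html
12/Mar/2012:09:15:04 -0400     88 192.168.100.21 TCP_MISS/200 2048 GET http://www.example.com/a b.html asmith DIRECT/192.0.2.10 text/html
12/Mar/2012:09:15:09 -0400     40 192.168.100.30 TCP_HIT/200 1024 GET http://www.example.com/logo.png - NONE/- image/png
12/Mar/2012:09:15:10 -0400    310 192.168.100.20 TCP_MISS/200 880 GET http://www.example.com/x jdoe DIRECT/192.0.2.10 text/html
"""


def parse_line(line):
    """Split one access.log line into named fields; return None if it is malformed."""
    parts = line.split()
    if len(parts) < 11:
        return None
    # Fixed fields are taken from both ends so a URL containing spaces stays whole.
    date, zone, elapsed, client, status, size, method = parts[:7]
    user, hierarchy, mime = parts[-3:]
    result, _, code = status.partition("/")
    if not (elapsed.isdigit() and size.isdigit() and code.isdigit()):
        return None
    return {
        "time": f"{date} {zone}",
        "elapsed_ms": int(elapsed),
        "client": client,
        "result": result,            # e.g. TCP_MISS, TCP_HIT, TCP_DENIED
        "code": int(code),
        "bytes": int(size),
        "method": method,
        "url": " ".join(parts[7:-3]),
        "user": None if user == "-" else user,   # %un logs "-" when there is no user
        "hierarchy": hierarchy,
        "mime": mime,
    }


def summarize(lines):
    """Return (bytes per user, entries served without an authenticated user)."""
    per_user = defaultdict(int)
    unauthenticated = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["user"]:
            per_user[entry["user"]] += entry["bytes"]
        elif entry["result"] != "TCP_DENIED":
            # 407 challenges have no user by design; anything else was served anonymously.
            unauthenticated.append(entry)
    return dict(per_user), unauthenticated


if __name__ == "__main__":
    totals, anonymous = summarize(SAMPLE_LOG.splitlines())
    print("bytes per user:", totals)
    for e in anonymous:
        print("served without user:", e["client"], e["url"])
```
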