If your organization's Internet service is currently used for outgoing connections, you must consider different security issues if you intend to allow incoming connections. The following are some differences.
Outgoing connection:???By providing outgoing Internet access, you need only enable your users to connect to the Internet and gain access to other computers' services. You don't need a domain name, and you don't need your own static IP address. (Chapter 16 describes how to set up a LAN to share an Internet service used primarily for outgoing service.) The focus of your network is on outgoing requests for services.
Incoming connection:???If you're setting up a public server, you want people from the Internet to find you and access services that you offer. The focus is on incoming requests for your computer's services, which means that you probably want a public host/domain name for the server and one or more static, public IP addresses for the server.
You have many different ways to connect your Red Hat Linux server to the Internet and offer its services to the public. In the following sections, I describe what you need to get your server up and running on the Internet.
Although every ISP expects to see outgoing traffic on your Internet connection, not all of them expect incoming traffic (that is, traffic that someone initiates from outside your network). So although your ISP — which may be your local phone company, your cable TV company, or an independent ISP — may expect you to download files from remote servers, it may not expect people to download large files from you.
Assuming that you're going to house the server in your place of work or residence, you need to obtain the following information from a potential ISP:
Does its Terms of Service agreement enable you to offer services over its connection?
Does it have static IP addresses that it's willing to assign to you?
Does it provide connections robust enough to handle the traffic demands on your server?
Any ISP that handles more than a few users has a document that describes what you can do with the Internet connection that it provides you. That document probably carries a name such as "Terms of Service" or "User Agreement." If you can't find it on the ISP's Web site, you will almost certainly see it after you click a link to sign up for an account.
Typically, an ISP requires you to sign up for a business account if you want to do any kind of business on your Internet service. Here are some excerpts from agreements for several ISPs:
". . .you are not permitted to use your Internet connection to sell or advertise goods or services. This is permitted only to those who have purchased a business account or a virtual server."
"Dialup clients are not to use their dialup connection for active or constantly connected Web/FTP/mail or other server services."
"Anyone wanting to promote a business or sell a product must use a business account."
Internet access is the volume business for most ISPs, and they consider business accounts for those who want to manage their own Web presence as premium services. So although you can technically use a personal account to set up a server (TCP/IP doesn't care what goes across the wire), the ISP's Terms of Service or Acceptable Use Policy may not permit you to do so. Although your DSL connection may easily handle a handful of hits a day on your Web server, offering that service can result in the termination of your account by the ISP. Check into what the ISP considers acceptable use before you use any Internet account to set up a public server.
Most dialup and DSL Internet-access accounts use dynamic IP addresses. So whenever you connect to your Internet service, the provider assigns the IP address to that connection. After you disconnect, the ISP can reclaim that IP address to assign to someone else. The next time you connect, you're likely to get a different IP address.
For a server to have constant, reliable presence on the Internet, it will typically have one or more static IP addresses. Most ISPs charge an additional fee for static IP addresses. Each static IP address typically costs between $5 and $20 per month.
You can assign a public DNS host name to a server without a static IP address using Dynamic DNS. Dynamic DNS adds software to your server that alerts the provider if its IP address changes. You can find a good description of how Dynamic DNS works here: www.webwatchmen.com/how.html.
The number of static IP addresses that you need varies, depending on how you configure your servers. Most likely, you want at least two static IP addresses, one for each of two DNS servers (if you're configuring DNS). In a small organization, those same servers may also offer your Web server, mail server, and other services as well. In general, you want one static IP address for each computer that you make publicly accessible to the Internet.
You can do some tricks with services such as port forwarding (iptables in Chapter 14) and virtual hosting (Apache Web server in Chapter 21) that enable multiple physical computers to offer services on a single static IP address. These tricks can reduce the number of IP addresses you need to buy. (To simplify the discussion here, however, I'm assuming that each public server has its own static, public IP address.)
Another difficulty with keeping your servers in your own home or business is choosing how fast an Internet connection you need. Although most data centers at ISPs offer more than enough bandwidth for your needs, high-speed Internet connections may not be available to your location ( or may prove prohibitively expensive.
Although it's technically possible, using a dialup connection (up to 56 Kbps) to support an Internet server is generally considered unacceptable. "Always-on" connection services that you may want to consider include the following:
Digital Subscriber Line (DSL):???DSL service is becoming widely available these days. Using only the standard telephone wiring in your home, you can maintain an always-on Internet connection and telephone service on the same wires. Speeds of between 256 Kbps and 7 Mbps are available with DSL service (although the actual speeds that you attain are typically slower than those in the advertisements).
Integrated Services Digital Network (ISDN):???ISDN has been around longer than DSL to offer high-speed network services, and it's comparable to DSL in the speeds that it can offer. ISDN is, however, typically more expensive to implement than DSL at comparable speeds.
Frame Relay:???This service is a packet-switching protocol that runs across wide-area networks. Although it can prove much more expensive than either DSL or ISDN, it can achieve much higher rates of speed. Speeds can range from 56 Kbps to 1.544 Mbps — or even as much as 45 Mbps. Frame relay can operate across a variety of network mediums. A primary advantage is that it uses virtual circuits that offer a fixed rate of speed, because the circuit between you and the ISP isn't shared with other ISP customers.
If your business can support it, you may want dedicated T-1 or T-3 lines for your business. A T-1 connection can operate at data rates of 1.444 Mbps. A T-3 line can support rates of 43 Mbps. Check with your local ISPs for available connection types and pricing.
Domain names are available from dozens of different domain registrars these days. You can check the availability of domain names from any of these registrar's Web sites, such as GoDaddy (godaddy.com) or Network Solutions (networksolutions.com). Or you can use the whois command that comes with Red Hat Linux.
The top-level domain (TLD) in which you register your own domain should reflect the type of business or organization that you represent. Commercial businesses typically use the .com TLD. Newer TLDs, however, such as .biz and .info, are now available for domains that represent a business community and for information about businesses and individuals, respectively. A new .ws domain is also available for domains dedicated to Web sites.
Other common TLDs are .net (for network services companies) and .org (for organizations). Institutions of higher education in the United States use the .edu TLD. A TLD that has recently become available for public use is the .us TLD, for organizations within the United States. Countries outside of the U.S. each already have their own TLD.
With an active Internet connection, you can use the whois command in Red Hat Linux to check if a domain name is available in the .com, .net, .org, or .edu domains. Following is an example of using whois to check the availability of the domain handsonhistory.com:
$ whois handsonhistory.com [Querying whois.internic.net] . . . Registrant: Hands-On-History (HANDSONHISTORY-DOM) PO Box 943 Port Angeles, NJ 98221 US Domain Name: HANDSONHISTORY.COM . . . Technical Contact: Support (SU1012-ORG) domains@XMISSION.COM Xmission Domain (XDS) 51 East 400 South, Suite #200 Salt Lake City , UT 84111 US 801-539-0852 Record expires on 17-May-2012. Record created on 25-Sep-1998. Database last updated on 3-Aug-2003 14:04:00 EST. Domain servers in listed order: NS.XMISSION.COM 18.104.22.168 NS1.XMISSION.COM 22.214.171.124
If the name were available, you'd see the message No match for HANDSONHISTORY.COM. Because the name isn't available, you can see information about the domain name registrar, name servers containing address records for the domain, and a variety of contact information.
At one point, Network Solutions was the only company from which you could get a domain name in the most popular U.S. domains (.com, .net, and .org). Now, there are new TLDs and dozens of domain registrars from which you can select a domain name.
You can have your ISP obtain your domain name for you, or you can go to one of the domain registrars yourself and register online to get your domain name.
Because prices and services can vary so widely, I recommend that you shop around for a domain registrar. The Internet Corporation for Assigned Names and Numbers (ICANN) maintains a list of accredited registrars at www.icann.org/registrars/accredited-list.html. The list contains links to registrar sites and a list of the TLDs that they support.
Although each registrar offers different domain and hosting-related services, the following list describes the information that you want to collect before you register your domain (and if you don't have all this information at the moment, don't worry — you can go back and fill in most of it later):
Domain Name:???If you haven't already chosen a domain name by using the whois command, each registrar offers a search tool at its Web site that enables you to check the availability of any name that interests you.
Term of Registration:???You must decide how many years of use you want to pay for on the domain name. You can typically pay in one-year increments, with the cost per year usually less the more years for which you reserve the name. Before the domain name expires, you can reregister it.
Contact Information:???Provide the name, e-mail address, street address, company name, and phone numbers for the person in charge of the domain-name registration (probably you). You fill in separate sets of information for the registrant, technical contact, administrative contact, and billing contact.
If you don't fill in the other contact information, the registrar uses the registrant contact information for each of those categories. If someone else is managing your server, you are the registrant and the hosting company provides a technical contact.
Hosting options:???If you're providing your own hosting in Red Hat Linux, you want to decline the Web-hosting service offer that you're given as you register the domain. Along with hosting, the registrar is likely to offer you other hosting options (such as support for ASP pages and FrontPage extensions). It may also offer you e-mail service.
Domain Name System Servers:???The registrar asks you to supply the primary DNS server and one or more secondary DNS servers. If your ISP is providing your DNS service, you can add that information now. If you're getting set up on DNS later, you can usually "park" the domain at the domain registrar and then come back after you obtain DNS to identify the DNS servers with the registrar.
To pay for the domain name, the service expects you to provide a credit card number. Some registrars accept other forms of payment, although credit cards are the most popular means.