Providing Net services for the new flat

[ciphergoth]

Geek-only content follows. We currently have cable Internet, with a Linux box providing firewalling and NAT to get the rest of the flat online. Email, web pages, domain hosting etc are done through a colocated box (antipope.org) on which I've configured bind, exim and apache appropriately. It's not this way purely out of geek snobbery - this is actually the only way of providing these things that I actually understand.

However, now we're going our separate ways this probably isn't the most sensible way to do things. When purplerabbits and sibelian move to their new flat, I'd like to set stuff up so they're independent of whatever solutions I have set upon antipope.org.

If I am thinking of it all correctly, they need:

1. A broadband connection (no cable where they're going so this has to be ADSL)
2. Some way of spreading the Internet goodness to all the computers in the flat (eg a NAT box)
3. At least three POP or IMAP accessible email boxes, one for each flatmate
4. Name server records for at least three domains
5. Static web pages for each domain
6. A way of sending outgoing email with a From: field from any domain they own
7. Arbitrary forwarding of many email addresses in those domains, to their own POP/IMAP boxes or to other addresses (eg to me).

So what should they do to get the above services,and how much will it cost? Should they get their ADSL provider to do the lot, and if so which provider should they go to? Should I configure a Linux box to provide NAT as before, or should they get a router and several real IP addresses - in which case, how should they do firewalling? The names are currently registered with gandi.net - can/should they stay that way or will one ISP want to do name registration on top of everything else?

What haven't I thought of?

This is all a bit of a step into the unknown for me, and none of the people in the new flat are serious techies, so straightforward, well understood solutions are very much to be preferred over interesting, innovative, or technically neat ones.

Update: I really appreciate the responses I'm getting here, they're very helpful, please keep them coming!

Comments

[andrewducker]

well, I use www.hostmatters.com for my domain mastery.

If you compare their plans here:
http://www.hostmatters.com/comparison.html
Domain parking isn't a problem for them.

Almost any ADSL ISP will allow you to send email with a From: of your choice.

I'm using a Linksys router for my NAT solution - it's got a simple web front end for configuration and allows both NAT and port forwarding.

So, for about £50 a year, you can have the webspace and email taken care of. Add in about £100 for the router and £25 for the ADSL and you should have everything. I recommend Zen for your ADSL ISP - they were good to me back before I moved to Telewest (when I moved to Edinburgh).

If you want to ask me any questions, my email and IM info is in my userinfo.

[barakta]

The good ADSL ISP's that I know of these days are Nildram, Zen and PlusNet. As far as I know Zen do a block of free IP addresses with one of their ADSL offers. Nildram have been very good with my SO and myself their customer services are quite helpful and they send out alerts for the few times they take things offline, or when they know BT is screwing around with things.

As for a NAT box, maybe some custom linux builds like smoothwall or ipcop (I think they are both essentially the same thing) are worth looking into, they provide a customised kernel and are easy to use even for a non 'geek' type. They allow you to configure all the usual thingss.

I can't think of much else, but then if I am honest my SO does all that and is very fascistic about anyone else jibbling her setup; I am sane and leave well alone.

As for prices, all three of those ISPs are pretty similar and have pretty good speeds and uptime. The only thing I would recommend strong is NOT to go with BTOpenworld, they are terrible going offline ALL the time and more often being so utterly crap that the connection just lags to hell therby requiring restarting to get any kind of bandwidth out of them.

Other than that, hope some other helpful person fills in my gaps.

Natalya

[softfruit.livejournal.com]

Just to echo a couple of points on that, having just gone over to plus.net for broadband they are very good - as a low-grade nerd I like the fact that you can submit "tickets" for queries or problems and check up on their progress through the system, rather than spending half an hour on hold in a phone system. 250Mb of web space is fab for me but might not be enough for those guys - you'll know better than me on that.

Also, some of our machines in work are on BTOpenworld broadband, and it's a disaster area. Plus.net is much stabler.

[kimble.livejournal.com]

Seconded - the IPCop/Smoothwall distros will give you the standard NAT/firewall/web+DNS proxies etc, all configurable from a web frontend (although you can also SSH in and jibble things the geek way). They support those evil USB stingray modems, as well as assorted ISDN hardware and anything that speaks ethernet. I don't know about PCI ADSL modem support, but I'm sure it's in the pipeline. Last time I looked, neither supported non-NAT subnets directly, but if you know your way round ipchains/iptables I'm sure it would be reasonably straightforward to make it work.

I've been hosting low-bandwidth-web/DNS/email/etc services on a Nildram ADSL connection for a couple of years now, and found that the uptime is perfectly adequate for an SMTP server - any NAT router worth it's salt will be capable of forwarding the relevant ports to a server on the internal subnet. If at all possible, avoid hosting the primary and secondary DNS servers for a domain on the same ADSL line, for obvious reasons.

[http://users.livejournal.com/_nicolai_/]

You might find it easiest to farm the web, mail, etc, out to one of the ADSL providers with more clue than average - Zen Internet spring to mind, but I can't recommend any of them.
My geeky solution to all this is to have a PC doing routing and NAT to the cable modem, and several colocated boxes to do email, DNS, USENET, web sites, etc. That's not really what you want, as you say. However, if you can find some appropriate person who runs a colocated box and is willing to share in the use of the box in exchange for some of the cost of the colocation, that might be easier too.
A commercial ISP will do all that you list, but not much more. A colo box can clearly do most anything, so what you choose should (I think) depend on whether what you list is going to be it for the foreseeable future, or if the people concerned may get creative and want to run their own program stuffs.

[hythloday.livejournal.com]

Andrews and Arnold (http://aaisp.net/) do very good ADSL - they're a bit on the expensive side, but their light use (http://aaisp.net/home500light.html) package is pretty good if the people it's for don't work from home. They do as many real IP addresses as you need, and in my experience configuring a linux firewall for real IP addresses is easier and more flexible than doing NAT.

Vis-a-vis the internet services you want to run, you can either opt to have A&A provide them for you or do them over the ADSL. A&A will probably charge a little bit more for what you want (I'd have guessed £50 a year or similar), but they'll certainly be able to do it, and that way you can have someone else handle that for you. The alternative, as you say, is to provide it yourself over the ADSL.

Many people advocate having a seperate server for security, in a home context I think this is rather pointless. The only server you need to configure that you haven't already is IMAP/POP3 - courier (http://www.inter7.com/courierimap.html) is very good in my experience. I'm not sure what you mean about the From header, as every client I've ever used has allowed me to specify it. Something else you might want to set up is some sort of webmail for checking mail remotely, in which case Squirrelmail (http://www.squirrelmail.org/) is excellent and doesn't rely on anything you won't have apart from PHP.

[ciphergoth.livejournal.com]

A&A replied *instantly* and in detail to my sales enquiry - I'm very impressed! They can do everything I asked for, and they charge GBP 90 setup fee, GPB 28 per month for the ADSL service, plus GBP 4.70 per domain per month.

[ciphergoth.livejournal.com]

Here's their response.

[hythloday.livejournal.com]

A&A are extremely impressive. The two times things have gone wrong (in about 2 years) they've been fixed within 15 minutes - once at 9PM and once at 1AM. They are more expensive than their competition but IMO it's definitely a case of getting what you pay for.

[pavlos.livejournal.com]

I have terrible geek skills but I like geek results, so here is what I went for:

• DSL "connection only" package (solo) from Demon. This means you buy your own modem and they just provide the bandwidth. Lots of people offer them, including cheap but insufferable pipex and interestingly priced Metronet.
• Netgear DG814 DSL modem and 4-port gateway/router. Costs about £100. Works. Looks silver. can't have everything.
• Email service from port995.com. At these prices you get POP, IMAP, and web-mail access (Squirrelmail) from any ISP. You just pay for the space and can set up any number of mailboxes you want. You can have addresses@your.domains if you have the domains and can point port995.com as the MX server. All this can be set up through a reasonable web interface.
• I've registered my domain with just-the-name but haven't got anything special, good or bad, to say about them. Reasonable web interface.

I don't know what is a good web hosting service. Also, I have a Linksys 4-port router (BEFSR41) that I can donate to the new flat, but it expects a 10-base T line for the uplink. OK if you have a DSL modem with an ether port, useless otherwise.

Pavlos

[stgpcm.livejournal.com]

I'd recommend the 4 port ZyXEL Prestige 6?? router, which will do NAT, and if you want DHCP (which makes things easier for users, unless it doesn't). If you want better protection than NAT, there is the ZyWALL, which has a firewall built in, but is a silver not-quite-cuboid. They do not currently support IPv6.

I'd recommend not using BT as a provider, and steer clear of "connection only" products - this usually means no outbound mail relay

AFAIK most ISPs will host one domain for you as part of the package, it's just a case of what te additional costs are.

I would try to keep all the internet eggsin one basket, just so there's only one support number to call.

I will find out what we would charge, but I can tell you now it won't be competative.

[barakta]

I'd recommend not using BT as a provider, and steer clear of "connection only" products - this usually means no outbound mail relay

I believe Nildram will unblock port 25 at a request, they will then try spaming stuff using your server and if they find it to be secure they'll unblock it. Seems a good soln to me, stops the ppl who don't care worrying/caring, and those who can keep something secure can make it work.

I agree re eggs in one basket tho.

Natalya

[tempaccount99]

i think the only thing that hasn't already been suggested by someone above is DNS services for your domains - i use mydomain.com, they provide a free service which handles the DNS records for your domains with a nice web interface.

other than that, i'm using Demon Solo, £25 a month, and i paid about £70 for a generic ADSL modem / four port router combined.

[cairmen.livejournal.com]

Just another suggestion for the router - we use the SMC Barricade here at StrangeCo, and we've found it to be a great little dark grey box, doing firewalling and routing perfectly.

Although might you not want to go for wireless networking?

[keirf.livejournal.com]

Wireless might be a good idea - you've got things like the Linksys BEFW11S4 that integrate 802.11b wireless access point together with router and cable modem, and contain their own NAT firewall and DHCP server. They've probably got an 802.11g version out if you look around - infact the WRT54G appears to be a g version.

[ducklofty.livejournal.com]

Just a (cheeky as fuck) thought - but it's probably worth checking if there's an unsecured wireless hotspot covering the new flat (given that it's so central) - probable downside being if the owner suddenly decides to secure it. I can recommend Zen, alhtough I am thinking of switching to a cheaper supplier. It's worth noting that Pipex got voted ADSL Provider of the year by ISP Review and have a very good reputation.

If you are thinking of hosting the flatmates sites in-house then you should probably investigate SDSL, although it may be more expensive it is available in that area - I know Ednet offer it there, although they primarily offer it as a business product.

PS We need to chat about timings for trip to London

[giolla.livejournal.com]

Just to second what other people are saying Zen or Nildram are both very clued. I'm with nildram and have foudn them exellent.

I'd go with an ADSL router, as many of these will do
NAT/Firewall and dhcp for you and have multiple LAN ports all of which makes network setup very easy.
I'm using a 4 port router from:
http://www.amigo.com.tw/ (http://www.amigo.com.tw/)
and you can pick-up a webramp router if you're lucky which has checkpoint firewall-1 built in and works very well /* set one up for a friend */ also does NAT etc.

Some have WLAN built in as well. For DNS and such you might want to look at gradwell.com.