Free SME server
Out of the Box
eBox bundles intelligent and useful services needed to set up a small- to medium-sized network: DHCP, DNS,
and web servers.
By Kristian Kißling
Philip Barker, 123RF
If you are looking to set up a small home network with a print server, file server, and maybe even a mail
server, you can be entirely satisfied with what Linux offers you out of the box. Your distribution's package
manager will let you install all the software you need, although you might break a sweat when you start
configuring and coordinating the individual services. This learning experience is useful but also takes a fair
amount of time.
The eBox SME server can help shorten your configuration marathon. SME stands for "small- to
medium-sized enterprise" and describes the typical environment for the server. That said, eBox is a useful
server product for more challenging home networks and for small business offices. The software, which has
Ubuntu underpinnings, offers users a unified (web) interface - similar to YaST on openSUSE - that lets you
manage the full set of services. The modular system then feeds your input to the corresponding configuration
files behind the scenes.
Before you deploy eBox, it makes sense to know something about networks, such as why you need a DNS
server and what a DHCP server does. The manual that comes with the software [1] is dozens of pages thick,
so I can only give you a short overview of the server's versatility. The modules include a DNS server, a DHCP
server, a print and file server, an http proxy, a mail server, an OpenVPN module, a groupware server, a
firewall, and more.
The interface lets you manage certificates; control the firewall; and set up users, groups, and shares, as well as
handle traffic balancing (distributing access to a specific resource to avoid overload) and traffic shaping
(ensuring that competing uploads and downloads between servers and clients don't get in each other's way).
The eBox portfolio is impressive in its own right, but the eBox developers' main claim to fame is the clever
way in which they integrate all of these services.
The project is maintained primarily by Spanish developers. The software arose from a cooperation between
Out of the Box 1
DBS Servicios Informaticos and Warp Networks in 2004. eBox was designed as an easy-to-manage server
and is now in the hands of eBox Technologies. eBox is GPLd, so the company relies on capital from
investors, subsidies, and commercial support to earn a living. Version 1.0 of the software was released
recently.
Why eBox?
The eBox user should be familiar with the details of how the eBox services work. That said, the software also
targets less experienced users. In this case, some caution is advisable: If you configure eBox incorrectly, you
can block your network. eBox helps experienced admins avoid manual parameterization of individual
services.
eBox is accessible on the local network in its file and print server roles. If you use a server with two network
cards, you can set the machine up as a gateway that gives you safe and quick Internet access. eBox can replace
a router in this case, and an internal firewall keeps the server secure.
Out of the box, the server runs on Ubuntu "Hardy Heron" (version 8.04); however, the eBox package released
with Ubuntu "Intrepid Ibex" (8.10) reportedly does not install properly. Packages are available for either
distribution from the PPA for eBox Platform site [2]. A standalone distribution with an installer and a Live
CD are available as well. The Live version lets you test eBox without risking your network setup while
allowing you to gain initial experience with the interface.
Getting Started
To launch the Live version at boot time, type live. The password for logging in to the eBox web interface is
ebox. The distribution gives you a plain IceWM desktop equipped with the Firefox browser, the Mutt email
client and the text-based W3m and Links browsers. At the web interface, you can set up various services - the
configuration settings are shown to the right in each window, with the services and the configurable areas on
the left. To start, create a new password and click Change, followed by Save changes, and finally Save to
make the change permanent - a somewhat convoluted approach.
Selecting Dashboard at the top left takes you to an overview with the details for your network interfaces, as
well as for active and disabled services (Figure 1). At the bottom right below "DHCP leases," you can see the
computers that are currently and have recently logged on to the server. Farther down, you see an overview of
the active and inactive services (Figure 2). The widgets on the desktop change to reflect what you are doing
with eBox.
Figure 1: The eBox dashboard: It adapts to suit the user's requirements and provides a useful overview of
current activities.
Out of the Box 2
Figure 2: The dashboard also shows you which services are currently running.
The Module Status item in the list on the left lets you enable and disable modules. For example, if you do not
explicitly launch a DHCP server as a service after configuring it, the server will refuse to work later on. Most
modules are disabled by default to prevent potential attackers from invading your network while you are busy
finishing your eBox configuration. Before you can start some modules, you need to launch dependent
modules first; for example, the Squid HTTP Proxy requires the Network and Firewall modules. For traffic
shaping and balancing, to control incoming and outgoing network traffic, you need to set up at least two
gateways.
When you make a change, the box to the top right beside Save changes turns red. Clicking the box applies
your changes. In some cases, the software will ask you whether you want to save the changes. In other cases -
in line with Debian policy - you need to manually and individually confirm changes to critical configuration
files.
Case Studies
A step-by-step tutorial is available from the eBox forum [3] to guide you through the initial setup scenario.
The tutorial assumes that you will be setting up a server with two network adapters: One adapter links your
network to your provider, and the other serves the local users and has a private IP address. This scenario also
assumes that your network includes a standard router that uses DHCP to assign IP addresses.
The ability to configure eBox from another computer is interesting. To do so, you just need to plug the
machine's Ethernet cable into your router and do the same for your eBox server. After you complete the
installation, eBox will not boot to a graphical desktop - in contrast to the Live system - and this makes
configuration on the server machine fairly tricky.
When you boot eBox, the internal network cards are assigned IP addresses, which you can discover with
/sbin/ifconfig: In this example, I will be using 192.168.0.12. Armed with the addresses, you can then go to
your client machine and use https (https://192.168.0.12) to connect with the server. When I tried http, I was
told It works!, but I did not see the eBox login.
After logging in to the eBox interface and typing the ebox password, you need to configure the other network
card that eBox is not currently using and assign a static IP address. eBox will use this address later to assign
IP addresses on the local network. At each step, save the changes you make and then go to System | Date/Time
to set up an NTP server that will retrieve the current time from the Internet. Then go to DNS and set up your
nameserver and assign a domain name to your private network, such as ebox.net.
In the DHCP item, configure the DHCP server for the network interface with the static IP address. The
important thing is to specify a range of IP addresses for the DHCP server to assign in Add a new range, such
as the addresses between 192.168.1.100 and 192.168.1.150 (Figure 3). Now select eBox as your gateway, and
Out of the Box 3
the local DNS server you just set up as your primary nameserver - don't forget to visit the Module Status
section to enable the DHCP and DNS servers after you have finished configuring them.
Figure 3: Setting up a DHCP server: Don't forget to specify a range of IP addresses for the server to assign.
The next step is to set up a user and a group, before preparing eBox for life as a file server. The feature for this
is File sharing | General settings. Don't forget to set a Quota limit to keep your users from filling your hard
disk up to the brim. Then in the File sharing | Share section, set up a share folder to allow users to access the
eBox shares (Figure 4). eBox creates this directory in /home/samba/shares if you select Directory under eBox.
In the List of samba shares table, click the icon in the Access Control column to, for example, assign user
permissions for access to the share.
Figure 4: eBox lets you set up Samba shares with a couple of clicks, removing the need to edit the
/etc/samba/smb.conf file manually.
Gateway to the Internet
To test the setup to see that it works, you can use a crossover cable to connect your configuration machine
directly to the Ethernet card with the static IP. The DHCP server should assign an IP address to your client
machine. Then you can use your browser to access the eBox dashboard, although you can't reach the Internet.
To access the Internet, you need to set up the second network adapter with your public IP address; your
provider might assign this to you dynamically, or you might have a static address. In Network | Gateways, you
need to enter your Internet provider's IP address, as well as the address of the second network card as the
Interface.
Out of the Box 4
Now that your machine is part of the wild and woolly web, click on Firewall to set it up, then enable the
module. Next, create a new rule that supports all outgoing data traffic and enable the firewall service in the
Module Status section. To connect all the machines on your local network to your eBox, you need to use a
hub without a separate DHCP server. If everything goes well, the computers should be able to use eBox as
their gateway to the Internet.
Conclusions
This short proof of concept simply scratches the surface of eBox's capabilities. The word is that the forum [3]
will soon have part two of the HOWTO with more useful steps, and you can always refer to the eBox User's
Guide [1] until that happens. The guide explains the many eBox functions, although in parts it is skimpy on
detail. If worst comes to worst, you should be able to find answers to your questions on the forum [4] and
from the mailing list [5].
INFO
[1] eBox User's Guide: http://ebox-platform.com/usersguide/en/html/ebox-userguide-book.html
[2] Stable eBox for Intrepid Ibex (8.10): https://launchpad.net/~ebox/+archive/ppa
[3] Tutorial on the eBox forum: http://forum.ebox-platform.com/index.php?action=printpage;topic=896.0
[4] eBox forum: http://forum.ebox-platform.com
[5] eBox mailing lists: http://ebox-platform.com/community/lists/
Out of the Box 5