Blonde Guy

Notebook Server

Converting an old, unused notebook computer to a server can save electricity and prevent waste.

Capabilities

I run an OS/2 consulting operation -- I need to have an OS/2 server running at all times. But I'm concerned about using electricity, and I also want the server machine to run quietly.

I run several servers -- e-mail, ftp, web, and more, so I need to keep a computer running all the time. I keep a firewall and virus program running at all times to help prevent any mischief.

Configuration

The notebook I chose was an IBM Thinkpad T21. It had a useful life, but with a damaged screen and case, it was no longer serving for on-site work, where I wanted to present an image of carrying a powerful OS/2 computer.

The first concern is the firewall. To run a good firewall, there must be two network interfaces, one to the internet, and one to the local net. But the Thinkpad only has one network connection. I added a 32-bit Fast Ethernet Cardbus Notebook Adapter, the D-Link DFE-690TXD.

In order for this to work, I had to support cardbus adapters for OS/2. I used Veit Kannegieser's web page and drivers to provide this support. Both the driver and the cardbus enabler are required. I found the following config.sys lines accomplished the task. I made the local LAN use the built-in network adapter, and the internet use the D-Link cardbus adapter.


BASEDEV=OS2PCARD.DMD
Rem **** DEVICE=E:\OS2\$ICPMOS2.SYS /G
BaseDev=CBENABLE.SYS * * 1 1 PCIIRQ
BaseDev=OEMHLP2.SYS
DEVICE=E:\IBMCOM\MACS\RTSND.OS2

Temperature

I found many sources of advice explaining I could not use a notebook computer as a server. At the root of this advice is hard drive temperature. I used the SMARTMON program, available on Hobbes, to monitor my hard drive temperatures.

I found that the temperature of my Thinkpad hard drive was 54C, much higher than the 32C of my desktop computer. I knew that the life of most materials would decline 50% for each 10C of temperature. So I looked for a way to cool the notebook computer. I found that by raising the computer to allow air to cool the bottom lowered the drive temperature by 12C, to 44C.

I purchased a small wire shelf at an office supply store, and the Thinkpad is resting on that shelf. The hard drive is on full time, because the servers use the drives often enough that it is not worth shutting down, then restarting the drive. The notebook server has been operational since January, 2006. I will update this page when the hard drive fails.

Services

The following services are installed on the notebook server.

In order to facilitate finding the notebook server from the internet, I have registered it with a dynamic DNS service. If my internet service provider changes my IP, which is a rare event, I notify the dynamic DNS service of the change. I use a short REXX program to detect a change in my IP address.

Firewall

The notebook server is the gateway to the LAN (Local Area Network) in my house. To protect both the notebook server and the rest of the LAN, I run Injoy Firewall. The firewall rejects connections from the internet, except for particular connections that I permit.

I went through the process of selecting the rules that permit connections. This consists of setting up rules and settings for the firewall, then visiting a local internet cafe with my laptop, and trying a menu of connections to the notebook server.

Cafe tests for firewall

The following is the rule set I used to permit the connections I needed.

#-----------------------------------------------------------------------------#
#    This file contains the Blonde Guy rules.                                 #
#                                                                             #
#    To activate the rules, simply move them to firerule.cnf and update the   #
#    attributes to match your setup.                                          #
#-----------------------------------------------------------------------------#

Allow-Web	Comment = "Open port on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "http",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional

Allow-FTP	Comment = "Open port on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "ftp",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional

Allow-FTP-data	Comment = "Open port on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "ftp-data",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional

Allow-FTP-pasv	Comment = "Open ports on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "55000:56000",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional

Allow-Telnet	Comment = "Open port on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "23",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional

Allow-POP	Comment = "Open port on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "109 110",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional
                  
Allow-SMTP	Comment = "Open port on protected Firewall PC",
		Protocol = TCP,
		Destination-Port = "25",
		Destination = "My_IP",
		Rule-Action = Allow,
		Direction = Bidirectional


#-----------------------------------------------------------------------------#
#                                                                             #
#   Allowing DHCP leases through an otherwise secured Firewall.               #
#                                                                             #
#-----------------------------------------------------------------------------#

Allow-DHCP-Lease  Comment = "Allow DHCP through Firewall (UDP port 68)",
                  Protocol = UDP,
                  Destination-Port = "68",
                  Rule-Action = Allow,
                  Direction = Incoming,

Web browsers and the NetDrive FTP plugin make use of passive FTP. In order to make passive FTP work, I needed to permit connections on a range of ports, and then I also needed to make sure the FTP server used those ports for FTP.

Peter Moylan's FTP server can be configured to use a range of ports for passive FTP. I allow 1000 ports, which may be overkill, but I don't really know what clients may need in the way of passive FTP port numbers.
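
An added example, not part of the original page and not Injoy Firewall's own code: Python that parses rules in the format shown above, checks them against a menu of connections like the one tried from the cafe, and confirms that the FTP server's passive port range fits inside the Allow-FTP-pasv rule. The service-name table and all function names are assumptions made for the example, and only the Protocol, Destination-Port and Rule-Action attributes are evaluated.

```python
import re

SERVICES = {"http": 80, "ftp": 21, "ftp-data": 20}  # service names used in the rules
# Constructed sample: two of the page's rules, trimmed to the attributes checked here.
RULES_TEXT = '''
Allow-Web	Protocol = TCP,
		Destination-Port = "http",
		Rule-Action = Allow
Allow-FTP-pasv	Protocol = TCP,
		Destination-Port = "55000:56000",
		Rule-Action = Allow
'''

def parse_rules(text):
    """Parse rule text into {rule_name: {attribute: value}}."""
    rules, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():              # rule names start in column 0
            name, line = line.split(None, 1)
            current = rules.setdefault(name, {})
        m = re.match(r'\s*([\w-]+)\s*=\s*"?([^",]*)"?\s*,?\s*$', line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return rules

def port_ranges(spec):
    """Expand "109 110", "55000:56000" or "http" into (low, high) pairs."""
    pairs = []
    for token in spec.split():
        low, _, high = token.partition(":")
        low = SERVICES.get(low, low)
        pairs.append((int(low), int(high or low)))
    return pairs

def is_allowed(rules, proto, port):
    """True if some Allow rule admits this protocol and destination port."""
    return any(r.get("Rule-Action") == "Allow" and r.get("Protocol") == proto
               and any(lo <= port <= hi for lo, hi in port_ranges(r.get("Destination-Port", "")))
               for r in rules.values())

def audit(rules, menu):  # menu maps (protocol, port) to the expected open/closed state
    return [key for key, want in menu.items() if is_allowed(rules, *key) != want]

def passive_range_covered(rules, rule_name, low, high):
    """True if the FTP server's passive range [low, high] fits inside the rule."""
    ranges = port_ranges(rules[rule_name]["Destination-Port"])
    return any(lo <= low and high <= hi for lo, hi in ranges)
```

An empty list from audit() means the rules match the menu; any entry it returns is a port that is open when it should be closed, or closed when it should be open.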

The above file worked at Security Level 5. At Security Level 6, I needed to turn off Safe-Mail. Safe-Mail wants to rename or remove attachments, but none of these attachments threaten OS/2 systems. I also needed to turn off the Blacklisting on dropped connections. In order to make ping work, I had to enable outgoing ICMP echo packets.

Last Modified: 16 May 2006
Graphics by Colorful Language
Copyright 2006 by Blonde Guy