On Tuesday 02 September 2008, Allen Weiner wrote:
> On Tue, 2008-09-02 at 13:12 -0400, Chris Knadle wrote:
> > On Tuesday 02 September 2008, Allen Weiner wrote:
> > > Use 1: Router/Firewall:
> > >
> > > Due to power consumption of this PC, I would use the PC as a router
> > > only occasionally.
> >
> > I found using a really old PC as a firewall to be low in reliability,
> > but it works.
>
> Could you give some examples of problems you encountered.

Really old PCs typically run into hardware failure with the hard disk,
cooling fans, and power supplies. This is what prompted my push towards
firewalls that have no moving parts.

> > Old boxes like these are also good as a testbed for server software
> > components.
>
> Could you give some examples. I have zero exposure to servers.
To begin with, having an "I don't care about it" box is good for starting to
learn Linux server stuff. After I had a server that was "live" on the
internet that people used every day, I didn't want to BREAK the
configuration -- some services, like especially email, can be temperamental.
So it's good to have a box to experiment with for those types of
configuration.
Examples off the top of my head:
- Reconfiguring Exim4 to do LDAP email address lookups
- Experimenting with converting MBOX files to MAILDIR format with 'md2md'
- Experimenting with syncing mail over IMAP with 'mailsync'
- Reconfiguring vsftp for chrooting user logins

> > > Q1: Given my specific hardware, is there a distro which would give me
> > > greater flexibility and/or provide a more extensive learning experience
> > > than specialized firewall/router distros like Ipcop and Smoothwall?
> >
> > Any Linux distro should be capable of turning a box into a firewall --
> > as long as you load iptables, which is not always loaded by default.
>
> I was under the impression that in order to get the iptables
> functionality for routing, the kernel needed to be compiled with a bunch
> of "routing" options specified. Am I wrong?
It does matter how the kernel is configured + built, but I haven't seen a
distro that didn't have the required support available. Another way to put
it -- it would be rather silly for a distro not to have support for making
firewall rules or routing packets through more than one network interface.
> > > Use 2: Networked PC
> > >
> > > Using an ethernet crossover cable, connect spare PC to my primary PC
> > > to form a LAN. I don't need a LAN, but this could provide an
> > > opportunity to learn more about networking and NFS. I don't have a
> > > second keyboard, monitor, or mouse. I don't want to buy a KVM switch.
> > >
> > > Q2: Is there a way to network my spare PC with my primary PC with the
> > > spare PC being headless?
> >
> > Yes, but at minimum you should buy another keyboard, because
> > hot-swapping a PS2 keyboard is bad and risks damage. (Hot-swapping a USB
> > keyboard is fine.) You can run services on the headless machine to let
> > you log into it, such as ssh, ftp, samba, etc. Remote graphics can work
> > also, with X over ssh, NX, and/or VNC.
>
> I didn't have in mind swapping the keyboard between PCs. I envisioned
> having the keyboard permanently attached to the primary PC. I thought
> maybe I could use the primary PC as a remote-serial-console just to
> bring up the second PC. Once the second PC is up, I could then use
> something like SSH to connect to it. Is something like this feasible?
I suppose that's possible, assuming the second PC has the BIOS option to
boot the box up based on serial activity. If you're going to configure the
second PC to really be headless, I suggest setting the bootup messages to the
serial port so that you can see them from the primary PC. (This includes
both the boot loader menu/messages as well as the kernel bootup.) Otherwise
if the box has a problem and doesn't come all the way up, you won't know why.
-- Chris
--
Chris Knadle
[EMAIL PROTECTED]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
