Weblog entry #1 for summitwulf
I started experimenting with a VIA EPIA ME6000 with Gentoo - what a hassle. I never got the board to work right; the compiling from source took forever on the 600 MHz VIA processor and it would fail repeatedly with incomprehensible errors nine times out of ten. In the end I gave up. At this point I had never heard of Debian, but I gave it a try with the latest 2.6 kernel. It worked straight away, and I was on the road to building useful systems!
My first firewall was built around Debian Sarge on a VIA PD6000. Shorewall (from the testing branch) implemented the rules. dnsmasq handled the DNS and DHCP requirements of the local network. The biggest mistake I made was installing a full-on Gnome desktop, which made it awkward to run the system headless (no keyboard or monitor - see a related post on this site) due to X complaining. This means I will rework it without a graphical desktop... and also I will have to learn to configure everything without GUIs. =)
I've also had success with these VIA boards controlling simple hardware through the parallel port. For details of some of these projects - including enough information for you to easily replicate my hardware and software - see the site at http://labs.one-wolf.net/.
Comments on this Entry
GNOME on a firewall? No, do a minimal install (select nothing in the installer) and install only what you need; less software equals fewer bugs. Bugs in firewalls are bad news: whether it is security or reliability, the users will moan if it isn't working right.
[ Parent | Reply to this comment ]
I'm about to rejig the setup on the machine, and will do a minimal install. However I have to do some research as I am not sure how to configure things such as ethernet adapters without some helpful GUI.
I'm a big fan of the VIAs, and they do pack a lot of capabilities into the board. The low power consumption is really the selling point for me though.
[ Parent | Reply to this comment ]
For ethernet interfaces you will have something like
<code>
auto eth0
iface eth0 inet dhcp
</code>
if you are a DHCP client, or
<code>
auto eth0
iface eth0 inet static
    address 10.20.0.1
    netmask 255.255.255.0
</code>
if you are not.
auto eth? simply means that the interface will be started automatically (on boot).
[ Parent | Reply to this comment ]
Next time you install one of these, just get your machine to fresh install without "Desktop". Once finished, install the "x-window-server-core" to give you Xwindows. Then install the desktop of your choice via the "kde" or "gnome" package. You can also use the "kde-core" or "gnome-core" packages to give you the respective desktops without all the extra programs you won't be needing on the server/router/firewall.
My personal favorite setup I do on all my machines is to install "openbox", "mozilla-firefox", and "xterm" instead of a full-blown desktop. Couple this with "webmin" and you're set for graphical configuration. Super lightweight, on-demand GUI with built-in remote access via https. If you have internet on your cell phone, you can admin your server with it.
[ Parent | Reply to this comment ]
How should I set things up to have X start on boot, so that I get a graphical login and don't have to 'startx'? I guess an entry in /etc/init.d/... somewhere? Or maybe I just install 'gdm'? I'm not sure which to go for.
[ Parent | Reply to this comment ]
# apt-get install vim x-window-system-core kdm kde mozilla-firefox synaptic openoffice.org
And as I mentioned earlier, my standard server/firewall/router install is:
# apt-get install vim x-window-system-core openbox xterm mozilla-firefox
Remember that you can use "kde-core" or "gnome-core" instead of the super lightweight "openbox". This gets you your favorite desktop without all the extra applications and bloat. Then you just run a "startx" when you want graphics.
This leaves out everything Gnome except for synaptic. I can't stand kpackage. Since you are a Gnome guy, (promise not to hold it against ya) you'll be glad to hear that the current Etch installer only installs Gnome when you select a desktop install. I don't know if this will be permanent for the release, but it is the current state of things. Personally, I wish that they would have a KDE Desktop AND a Gnome Desktop choice during install.
[ Parent | Reply to this comment ]
BTW, on my current firewall box I use monit to keep an eye on the system. I've heard people talk about webmin, but they mention that apparently the Debian stable version is somewhat out of date.
[ Parent | Reply to this comment ]
Boy, after teaching 100+ students to use it as a crutch to command line deficiency, I don't know what to do. Maybe this is my great moment to give back to the Debian project. Guess I better look into how to become a developer.
[ Parent | Reply to this comment ]
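An added example, not part of the original entry or its comments: a check for the minimal-install advice in the first comment, listing desktop and X packages that are still installed on a box meant to run as a headless firewall. The function names, the prefix-match convention and the sample input are assumptions made for this example; the package names are the ones mentioned in the thread, plus `xserver-*`.

```shell
#!/bin/sh
# Added example: flag desktop/X packages on a box meant to run as a headless firewall.
# Input is the output of this command, one package per line:
#   dpkg-query -W -f='${Package} ${Status}\n'

# Names from the thread. A trailing * means prefix match, an assumption made here
# to catch split packages (gnome-core, kde-core). xserver-* is also an assumption.
GUI_PATTERNS='gnome* kde* gdm kdm x-window-system-core xserver-* openbox xterm mozilla-firefox synaptic openoffice.org*'

# find_gui_packages: read dpkg-query lines on stdin, print installed GUI packages.
find_gui_packages() {
    awk -v pats="$GUI_PATTERNS" '
        BEGIN { n = split(pats, p, " ") }
        # Field 4 is the package state; "config-files" means removed, config left behind.
        $4 == "installed" {
            for (i = 1; i <= n; i++) {
                if (p[i] ~ /\*$/) {
                    prefix = substr(p[i], 1, length(p[i]) - 1)
                    if (index($1, prefix) == 1) { print $1; break }
                } else if ($1 == p[i]) { print $1; break }
            }
        }'
}

# Constructed sample input (not taken from a real system).
sample_dpkg_output() {
    cat <<'EOF'
shorewall install ok installed
dnsmasq install ok installed
gnome-core install ok installed
gdm hold ok installed
kdm deinstall ok config-files
xserver-xorg install ok installed
openssh-server install ok installed
EOF
}

# Run the check over the sample.
audit_sample() { sample_dpkg_output | find_gui_packages; }

audit_sample
```

On a real Debian system, pipe the `dpkg-query` command from the header comment into `find_gui_packages`; an empty result means none of the listed desktop packages are installed.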