It has been a while since I last blogged, mostly due to the fact that I’ve been busy settling into my new place, travelling to IKEA, breaking IKEA mobility vans, buying furniture, etc. However, I’ve started on a new little project, and I thought that I’d document as I go along.
The project I’m working on is a little home network. You could say that a home network is rather easy, and it is, but I’ve decided to make my life more complicated. I want to learn more about routers, DNS, firewalls, traffic-shaping, etc, so I thought that this was the perfect project for that. Additionally, I might soon get another computer with some colleagues at a colo, so that will give me enough reliability (along with my linode box) to set up a set of nameservers for my own domain.
Currently I would like to:
Let’s start by defining the hardware I have:
- Two ALIX engines, one with a 1GB CF (compact flash) card and one with a 4GB CF card. I’m expecting another 4GB CF card to come soon, to play around. These both have 3 ethernet ports, which gives you a lot of possibilities to play with. One also has a miniPCI WLAN card. I bought antennas for it too; sadly, the connectors I got to attach the two are wrong, so I’m waiting for new connectors.
- One cable modem. With my current contract I should be able to get 4 IPs from it.
- One Netgear GS608, 8-Port Gigabit Switch. I was going to get a 100 Megabit switch, but sadly they were out, so I decided to upgrade.
- One Netgear ProSafe GS105 Gigabit Switch.
- Several ethernet cables, it would be a rather pointless exercise without it, wouldn’t it?
- A Kingston 19-in-1 Card Reader. I saw it in the store, it was rather cheap, and I figured I might be able to use this to set up the CF cards. Though I’m currently leaning towards PXE boot.
- Finally, I still have an old Linksys WRT54G wireless router.
- Additionally, I have a MacBook Pro which I’m using to write this blog, as well as to Google random information, and a Dell Latitude D610 which I will use both as the primary installation device and as the laptop to connect to the serial port of the Alixen.
Now, originally, we had the WRT54G wireless router in our office, on the first floor. Sadly, due to the incredible Swiss building style, we’re not able to get WIFI in the living room, which is exactly 1 floor up. We’re investigating whether we can use the ISDN-plugs that seem to be available in each room to route ethernet upstairs. If that’s possible, then the Linksys router will go upstairs for WIFI in the living room, and I’ll use the ALIX engine with the WLAN card to supply our downstairs with WIFI. Let’s hope it’ll work, otherwise we might have to get another WIFI bridge, which wouldn’t be very neat.
Currently, the plan is as follows:
- Use the 5 port switch to get the most out of my public IP space. I’ll probably attach my PS3 directly there, so I do not have to set up natting etc for online gaming. Additionally, if I can route through the ISDN cables, I’ll use this to send a public IP straight to the linksys WRT54G WLAN router in the living room.
- Use one of the Alix boxen as router, firewall and WLAN device. For now the other ALIX will be for experimentation, though I’m tempted to set up VRRP. The primary alix box will serve as router between the public IP space and the private IP space. Since it has three ports, I might even go for a DMZ.
- Use the 8 port switch as switch in the private IP space.
I’ve been contemplating quite a bit which OS to install on the Alix boxen. I’ve always worked with Ubuntu (well not quite always, way way long ago I had Mandrake, and prior to that Slackware). There are mini-distros available, but given the amount of space I have on the CFs and since I want this to be a learning exercise, I’ve decided to stay away from them. This leaves me with the following choices:
- Ubuntu. I’m the most familiar with it, and generally it tends to be rather painless. That being said, it usually installs with a X11 system, no matter which version you choose, and
- FreeBSD or OpenBSD. These are usually ideal for this, or so one should believe. However, I have little experience with them. It might make a good learning exercise, but on the other hand, I’m expecting to get a colo’d box soon with some colleagues that will run Debian. So it is best to capitalize on one system.
- Install Debian on the main Alix box. I’ve been contemplating a lot about this. On my Dell, I use Ubuntu, and I quite like it. However, one of the downsides of Ubuntu is the frequency with which I get patches for it. That is perfect for a device that one uses actively. However, for a server/router box, this is not ideal, especially if you have CF. Stability is key. I’ve also considered FreeBSD or OpenBSD, just to learn more about them, but since the colo-box I will share with my colleagues will most likely be Debian, it makes sense to use Debian; that way I can reuse the configs, scripts, etc.
For the PXE install, I followed the advice on this page. Sadly, after a lot of struggling, I would get the device to start DHCP, and it would actually start copying files, but it would not boot. I then moved to trying to install plain old Debian; however, this failed as well. It would boot properly, but then it would simply hang. Perhaps it is the serial settings of minicom that were screwing up.
Therefore, I’ve moved on to try Voyage Linux, which seems to be a slimmed down Debian specifically suited for this purpose, but not limited to being just the slimmed down version. Installing it was a breeze, I just followed the instructions given in the README, and everything worked perfectly.
The first thing I did was install vim and screen. I also set up proper .screenrc and .vimrc.
Looking further into how things are mounted, I noticed the following:
- /var/lock and /var/run are mounted purely in memory with tmpfs. This is done by the /etc/init.d/mountkernfs.sh script
- /var/log and /var/tmp are mounted as aufs, which is a union file system that will write to memory but also show what’s on disk. They are set up by the /etc/init.d/voyage-sync script. Additionally, this script also rsyncs files back to disk when shutting down.
This shows two different ways of not using the CF when not required, one which is purely transient and one which is non-transient but saves on CF writes. Currently, I think the following setups might be good:
- Use the overlay file system, aufs, for .ssh. Do not sync automatically on this, but instead selectively do so.
- Use tmpfs for /var/lib/apt. I do not need my CF to be spammed with a bunch of stuff just because I want to rarely install a package.
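A quick way to check the layout described above, as an added example (not code from the original post or from Voyage Linux): it reads mount entries in the /proc/mounts format and reports which paths are RAM-backed and which still write to the CF card. The sample mount table is constructed, and `/root/.ssh` as the location of `.ssh` and the device name are assumptions.

```shell
#!/bin/sh
# Added example: report which write-heavy paths are RAM-backed (tmpfs/aufs)
# and which still write to the CF card. Input uses the /proc/mounts format.

# Constructed sample modelled on the layout described above (not captured
# from a real Voyage Linux box); device name and options are assumptions.
SAMPLE_MOUNTS='/dev/hda1 / ext2 rw,noatime 0 0
tmpfs /var/lock tmpfs rw,nosuid,nodev 0 0
tmpfs /var/run tmpfs rw,nosuid 0 0
aufs /var/log aufs rw 0 0
aufs /var/tmp aufs rw 0 0'

# fstype_for PATH [MOUNTS_TEXT]: filesystem type of the mount that holds PATH,
# chosen by longest matching mount point; a later entry for the same mount
# point wins, since it is stacked on top of the earlier one.
fstype_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # A mount point matches if it equals the path or is a parent dir.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }'
}

# backing_for PATH [MOUNTS_TEXT]: "ram" for tmpfs, "ram+sync" for aufs
# (writes held in memory until synced back), "flash" for anything else.
backing_for() {
    case $(fstype_for "$1" "$2") in
        tmpfs) echo ram ;;
        aufs)  echo ram+sync ;;
        *)     echo flash ;;
    esac
}

# audit [MOUNTS_TEXT]: one line per path of interest (/root/.ssh is assumed).
audit() {
    for p in /var/lock /var/run /var/log /var/tmp /var/lib/apt /root/.ssh; do
        printf '%-14s %s\n' "$p" "$(backing_for "$p" "$1")"
    done
}

audit "$SAMPLE_MOUNTS"
```

With the sample table, `/var/lib/apt` and `/root/.ssh` come out as `flash`, which is the state before the two proposed changes; calling `audit` with no argument reads the live `/proc/mounts` instead.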
This article has remained as draft for far too long, so I will publish it and create a second article to continue.