Friday, August 29, 2008

I hate 'meta' posts - but here's one anyway...

I really don't like talking about blogging in a blog - especially when it's supposed to be an 'on topic' blog like this one. Nonetheless, here I am.

Life's been 'interesting' lately, and I'm just not having the time to create my home server - forget blog about it too. Apologies. The entries are still coming, and I hope to get back to at least every couple of days until the initial setup is complete, but I'm not going to be there in the next little while anyway.

To keep this from being a totally wasted entry I can mention this - I applied a fresh coat of heat transfer paste to the cpu and heat sink, then ran a memory check overnight with no recurrence of heat issues or memory problems. Looks like that machine is back in business.

Just as a backup, I also tested a very similar Dell GX110, which has roughly the same CPU and 256 meg of old fashioned SDRAM. So, if things fall apart with machine A I can just keep right on going.

If you're tired of waiting for entries whenever I happen to get to them, I'm giving you an out.

Here's the Cole's Notes version of installing and using eBox from howtoforge.com.

This blog - endless regular entries - condensed to three pages....

Well, kind of anyway.

Let me know what you think of the entries so far!

Monday, August 25, 2008

Snafu Number One

OK, so to test the hardware I grab my hot off the cd burner copy of the eBox installer and walk over to the system. That's weird - I could have sworn I left it on sitting at the BIOS settings screen.

Turn it on, see Warning - the previous system shutdown due to a thermal event!

Doesn't sound good. A thermal event? I guess you're saying it overheated? I don't imagine they come with ice monitors.... Maybe it's just another example of poor translation, but sometimes I really wonder why engineers try so hard to sound like English professors being paid by the word.

I turned it back on and booted up from the cd. It looks exactly like the Ubuntu server cd - eBox isn't mentioned anywhere. I started checking the cd for defects. After a couple of minutes it turns off :-(

Same warning when I power it back on.

I don't get it though! There's only two fans and they are both turning, and all the dust bunnies were kicked outside.

I pull out the air deflector around the CPU (where it vents out the back) and I note that the heat sink is clean and fastened down ok - but moves on the cpu.

On old machines like this normally the heat sink grease has welded the two together, but on this one the bond has been broken. I don't know when that happened, but it seems like the culprit. I'll have to dig up my heat sink grease and try again tomorrow.

Sunday, August 24, 2008

Choosing The Victim

This is actually pretty straightforward. Meet the sacrifice.

As I've mentioned previously, I've got a bunch of old PCs lying around, and this one is typical.

A Dell Optiplex 200 desktop style case. It will fit nicely on top of my HVAC unit in the basement, and not look too out of place. It's not hard to work on, and it's even reasonably quiet. It does have one of those Dell proprietary power supplies (grrr.... see rule 4) but I have a spare.

It's a 733 MHz Pentium III, slow by today's standards, but it will run a modern linux ok, with one problem - it's 128meg of RAM. Since it uses the defunct RAMBUS style ram, buying some or finding some used stuff to add in it isn't easy or cheap.

On the other hand, that makes it perfect for this project. I can find RAM for the other boxes and make them able to run a modern Gnome or KDE ok, but not this one. What else could I do with it? Heck, it's got ISA slots - that's got to be good for some geek cred.

Luckily not requiring X reduces the need for RAM substantially. It's quite possible that I'll find it lacking once I start using it, but I'm going to start and see how it goes. It'll be a nice comparison, since this is the same box I tried to run Astaro on earlier.

I'm sure ACPI issues probably mean suspend to disk or ram doesn't work on a mainboard this old, but as a server it shouldn't be necessary. With only a cpu and power supply fan, and being a PIII hydro usage isn't that bad. I'll try and measure it later.

I have a number of old Fujitsu drives of about 8 gig. I'll use one of them as the system drive. Since it looks like we're going to try eBox, SME server and perhaps vanilla Ubuntu server, the plan is to swap hard drives after each installation. That makes it easy to change back and forth between them, while keeping the hardware identical for comparisons.

I'll put another much larger drive (or two) in later to handle media files. If I use LVM I should be able to transfer forward to the new drives easily once I've picked a winner.

Flipping through the BIOS shows a couple of settings to pay attention to, and a bunch of options we can disable.

First off, the date and time is correct, so at least the battery on the mainboard isn't shot. It'd be a pain to find that out after the fact. I'm disabling the floppy in the BIOS and disconnecting the power to it - I can't see using it for anything.

Since there's no option to pick a boot device via the keyboard, the startup order will have to be CDROM then hard drive. Going into the integrated devices menu I turned off the sound, the mouse port, the serial ports and the parallel ports, leaving on the internal speaker and the built in network card. I added a standard PCI 3com 905B nic earlier for the Astaro test, since it wouldn't recognize any of the old ISA cards I have kicking around. I turned off reporting keyboard errors since I won't keep one attached and set it to auto power on whenever it's got AC.

Next up are some quick tests to make sure our hardware is ok.

Thursday, August 21, 2008

Another Competitor - This is getting pretty busy!

Just tripped over Amahi.

From a quick perusal of their website, it's a home-server type setup currently in beta - with a twist.

Currently based on Fedora 8, with plans to support Fedora 9, CentOS and Ubuntu.
They want you to 'sign up' before you install, and they have a Terms of Service section that mentions 'premium services'. It looks like remote management is their 'secret ingredient', and they want to monetize things at one point or another. Nothing wrong with that, but not the direction I'm interested in heading at this point.

They do have some cool bullet point features, like compatibility with Vista's built in calendars (which I know nothing about) and Apple iCals.

Also interesting was they have a backup service called 'PPA' that seems to be a combination of partimage and network booting, ala clonezilla. So, you just reboot, hit F12 to boot from the network and pick either backup or restore. Pretty slick.

But, (getting on my soapbox), you have to manually reboot and trigger the backup. In my experience if you leave backups to the end users, they don't get done. My wife, for instance, is not interested in a process like this, and wouldn't be likely to get it done regularly. I'd rather have something I can schedule so nobody has to worry about it.

At any rate, Amahi looks like interesting competition, and a good source for ideas if nothing else.

Wednesday, August 20, 2008

Hacking the Gnet BB2060

I began to write a fair treatise on this, then realized it probably wasn't necessary. What I did likely won't apply to your set up directly. If you want more details, drop a comment below and I'll try and oblige.

Of note - don't go messing with your modem at random unless you
  • are familiar with this stuff
  • are patient and careful
  • don't mind spending lots of time without a working internet connection
There are some settings in here that relate to how the modem interacts with the DSLAM, and I have no idea what they should be. If you change the wrong setting, you'll get to keep both halves of what's left :-) I did note the manual claims the default reset puts it back to bridged mode, and other settings that pretty much resemble my starting point, but I didn't try it.

The modem's default LAN interface is at 192.168.1.1 and uses the username DSL with the password DSL. Something that didn't occur to me until I started changing settings is that this modem/router has a plain http interface, so whatever you do is sniffable on the LAN. It doesn't mean much in most home settings, but do make sure your LAN is secure before you start changing things, or you might not be the last one to be making changes! Another weird fact is that the http interface didn't render properly in Epiphany. Firefox worked fine though.

Start by downloading the documents from Gentek's ftp site under ADSL modems. The biggest part of what I did was plainly laid out in the quick start 'ethernet port configuration' guide. There's a complete manual there as well if you want all the details. I've got more reading to do myself.

Of note, the ftp site also shows a Firmware section, but several forums I visited seemed to indicate reflashing this particular modem is very prone to bricking it, and that it's just not worth chancing it.

It's a bit amusing that the most repeated line in the quick start guide is

DO NOT MAKE ANY OTHER CHANGES


I did of course. :-) Here's the highlights.

First up look at the Admin tab and find the Backup/Restore option. Make a backup of your settings before you start so you have a fall-back position. Then make another backup when you are done so you can upload it again later when the modem dies and you get a new one from your provider. (Murphy says he'll send you a different model, unless you fail to make your backup now of course.)

Note on this tab there is a Commit and Reboot section. The save buttons all through the web interface make the settings active, but don't make them permanent. You have to 'Commit' them so they take effect the next time. The Reboot option is quicker and easier than unplugging it all the time.

Also on this tab is the user section. You probably want to change the default password from its very original setting.....

On the Services tab, under UPnP - disable it. (Unless you like things changing your firewall rules without telling you about it)

Also on the Services tab, under SNTP, add pool.ntp.org as a server so the logfiles the router keeps actually mean something. :-)

There's lots of other stuff here you can explore like some simple parental controls, SNMP etc.

I could have left the LAN side as manually assigned IP since in the final setup all that will be hooked up to it is our home server (see the last post for a pretty diagram), but I decided to turn DHCP on. That way I can use it without the home server in the interim, and it shouldn't cause us any issues down the road. I did pick an oddball IP subnet rather than the ever popular 192.168.1.0/24 range - when you start connecting subnets via VPNs or what have you, it's so much easier if all the pieces involved don't overlap at all.

I did get one nasty surprise as I was doing this. I used the Admin Management Control section to turn off all the various management interfaces of the modem on the WAN side. I left only http and telnet on the LAN side active.

The telnet thing is pretty interesting actually. It looks like it has an extensive CLI interface that operates quite differently than the http style one. I left it active so I can explore that further when the mood strikes.

Now here's the nasty part. No matter what I did, or what settings I put in that management panel, http, telnet and ftp were all available on the WAN side!
That's such a nasty bug I wonder if it's deliberate to allow ISPs into their modems regardless of what the user specifies? Just goes to show - always test to make sure you accomplished what you think you did.

To make sure the router can't be altered from the WAN side, I ended up using the firewall section under Services - IP Filter. Simply changing the security level to 'low' activated the rules that blocked the telnet, http and ftp ports. As we go along with our home server project I'm sure we'll end up revisiting this page for more fine-tuning, but those simple rules in combination with the natural firewalling NAT provides will get us going here anyway.
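The "always test" lesson above as an added script, not from the original post: it probes the three services the post names and compares what answers with the intended policy (nothing on the WAN side, http and telnet on the LAN side). The port numbers are the standard ones for ftp, telnet and http; the script name, the `wan`/`lan` labels and the EXPOSED/MISSING verdicts are this example's own, and the WAN check only means something when run from a host outside your network against your own public address.

```python
#!/usr/bin/env python3
"""Compare which modem management services answer with what was intended.

Added example; policy and service list mirror the post, everything else
(names, verdict strings) is an assumption of this example.
"""
import socket
import sys

# Standard TCP ports for the three management services the post mentions.
MGMT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Intended policy from the post: all management off on the WAN side,
# only http and telnet left active on the LAN side.
POLICY = {"wan": set(), "lan": {"http", "telnet"}}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # full TCP handshake completed
    except ConnectionRefusedError:
        return "closed"              # host answered with a reset
    except OSError:
        return "filtered"            # timeout or unreachable: nothing answered


def audit(side, host, ports=None, timeout=3.0):
    """Probe each service and judge it against POLICY[side].

    Returns a list of (port, service, state, verdict) where verdict is
    'EXPOSED' (answers but should not), 'MISSING' (should answer but
    does not) or 'ok'.
    """
    allowed = POLICY[side]
    rows = []
    for port, service in sorted((ports or MGMT_PORTS).items()):
        state = probe(host, port, timeout)
        if state == "open" and service not in allowed:
            verdict = "EXPOSED"
        elif state != "open" and service in allowed:
            verdict = "MISSING"
        else:
            verdict = "ok"
        rows.append((port, service, state, verdict))
    return rows


def main(argv):
    if len(argv) != 3 or argv[1] not in POLICY:
        print("usage: mgmt_check.py wan|lan <address>", file=sys.stderr)
        return 2
    rows = audit(argv[1], argv[2])
    for port, service, state, verdict in rows:
        print(f"{port:>5}/tcp  {service:<7} {state:<9} {verdict}")
    # Non-zero exit when reality and policy disagree, so it can run from cron.
    return 1 if any(row[3] != "ok" for row in rows) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Re-run it after every Commit and Reboot, since saved-but-uncommitted settings do not survive a restart.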

I tried downloading a sizable torrent over the last couple days (yes, my high speed is a bit of an oxymoron, but the torrent is multiple gigabytes...) and it's been rock solid. So far I feel like I'm on the right track.

Now, if I can resist the urge to dig out my old XBox and keep going with this project instead we can make some real progress.....

Tuesday, August 19, 2008

Never choose the obvious if there's a better choice....

Today I'm looking at network topography.

Looking at our list of services we want our server to provide, it's pretty obvious we need all the traffic to flow through our server. You can't do web filtering etc. without it.

My home network is pretty typical. I've got four desktop computers, a laptop and a Nintendo Wii. For network gear there's a typical cheap wireless router, a switch and a DSL modem provided by my ISP.



The wireless was bridged with the wired side. That way the wireless network and the desktops etc were all on the same subnet.

I'm comfortable that the combination of WPA encryption and below ground placement of the wireless router makes it unnecessary to segregate the wireless further.

So, why can't I just put our new home server right there where the IPCop box was? Well, we want it to serve files and maybe handle email as well. The common wisdom is your server shouldn't be your firewall. There's two reasons for that. One, the firewall is the first line of defense. It's most likely to be attacked first, and losing control of it shouldn't mean you've lost control of all your documents etc too. Secondly, the more stuff there is on your firewall, the more stuff the bad guys have to try and find a weakness in.

Note this is really one of the bigger flaws of the MS Small Business Server that our previous commenter pointed out - all your eggs are in one basket, and that basket is exposed to the internet.

OK, so if we can't put our server on the front lines, then why don't I put the wireless router after the modem in front of the server? Two strikes against that idea too.

One, the laptop is often used as a remote control for one or another of the desktops. If the wireless is a separate subnet, then I'm going to have to poke holes in firewalls etc. to make that possible, limiting our flexibility.

Second, that makes the whole network depend on that $30 router - and I have seen too many times where a cheap router is the source of intermittent issues and frequent lockups.

What else could I do? Well, we could put yet another box in front of our server after the modem. It would have to be a linux box or a quality router to avoid issues. But yet another computer is likely to fall afoul of rule zero :-) and it's hard on hydro too. Buying a quality router breaks rule one.

I must admit I was considering lowering my security standards. I thought I'd painted myself into a corner with this one. Then I started looking at that modem my DSL provider gave me....

It's a Gnet BB2060 - a pretty common aDSL box they hand out to everybody that's a customer. My ISP sets them up 'bridged' so that you run your PPPoE software on a router or PC and the box acts just as a modem. On the other hand, their competition has started handing out 'routers' that act as both the modem and router. They provide DHCP services etc on the LAN side, and do the authentication internally, so clients just run standard DHCP.

I dug up a manual for my modem on line (thanks Google!) and it turns out, as I suspected, it can function either as a bridged modem or a router/modem combo.


I'm not sure what my ISP would think about me doing this - and I'm not going to ask - but I have a very solid relationship with them and a spare modem I can borrow from work if I run into something really weird.

If your ISP is one of those multinationals you might want to think about what happens when you call with a service complaint and the modem doesn't work like it's supposed to on their phone support flowchart.

Now I know that modem is just a $30 box just like my own wireless router, but I have to depend on it anyway, so I'm hoping having it act as router isn't going to make it any less reliable. On the positive side, rebooting the modem is a standard troubleshooting step my wife is comfortable with and it's easily accessible (unlike that wireless router).

The next post will detail what I had to change (and what I was careful to leave alone)
I might even snag some screenshots.

Out of sequence - XBMC How To That Looks Interesting

It's not in the regular flow of things, but it is at least apropos.

I've got an XBox with a dying DVD drive in the basement (who doesn't?)

This is the first How-To I've seen that doesn't involve either the Replay device or a hardware mod chip. It falls nicely into Rule 1 :-) I've looked at using the XBox for a media centre device before, but was hesitant to spend more money on a dead box, especially since all Xbox mod stuff seems to have that grey-market feel to them. I'm sure some (most? all?) of the hardware mod vendors have a good product, but I had no current word-of-mouth that I trusted to pick one.

Now, I should note this How To has two BIG caveats.

  1. I haven't tried this yet. It might be complete baloney.
  2. You have to disconnect IDE cabling on both your PC and XBox at least once - while it's in use! I wouldn't be doing this with an XBox or a PC you love - the results could be tragic. I've accidentally hot swapped IDE devices before, but I cringe every time it happens, and I'm sure sooner or later the smoke is going to come out.
Caveat Emptor

Thursday, August 14, 2008

eBox Making All The Right Moves

I sent a quick email to Soren asking about how eBox was integrating into Hardy.

Looking back at it I probably should have emailed the ubuntu-server list rather than Soren directly, but he was quite gracious.

While he professed to not be familiar with the eBox installer, he did say that eBox provided the packages in Hardy, and it's possible they will become the maintainers in Intrepid directly. In addition he commented on how they have responded in one form or another to all of the concerns raised.

All in all, it looks like the eBox guys are trying hard to be model citizens and should be congratulated.

So, eBox is definitely in with SME server. Next up we pick a network topography. (that's a big word for figuring out which wire to plug in where :-)

Wednesday, August 13, 2008

Ebox - the default web based GUI for Ubuntu Server

The obvious starting point for an Ubuntu home server has got to be eBox.

Both the Hardy server guide and the community pages have (essentially identical) entries on eBox, and its packages are in the universe repositories for easy installation.

Furthermore, since Webmin has been pretty much deprecated for bad behaviour eBox is really the only game in town at the moment.

One thing I'm unclear on is just how separate eBox and Ubuntu server are. The suggested spec for Hardy seems to say that eBox does go its own way, and once you start using it you're stuck with it.

As a result, I'm left wondering if the download from the eBox website gives me subtly different results than using the eBox packages in Universe.

Luckily, this is all about open source development - so I can just go ask the guys doing the job where they are at! I'm off to post a note to Soren (his name is on the blueprint) on the ubuntu-server list and we'll find out for sure.

Tuesday, August 12, 2008

The schedule's shot to heck - but we're forging ahead...

Just a quick note to let you all know that I'm sure glad I had a backlog of material lined up to get you to this point. It's not going to be quite as regular for the next little while.

I've had two hardware failures on the main server at work combined with a family vacation and lots of 'real life' stuff that's made finding time to do this difficult.

Don't worry - it's going forward - it's just going to be at a slower pace for the next little bit.

Feel free to post your comments in the meantime!

Sunday, August 10, 2008

At Last - A Real Contender

While looking at Clark Connect info, I saw mention of SME server.

A quick pop over there and a perusal of the forums left me impressed.

Like Clark Connect, with a long history and busy forums.
Unlike Clark Connect, this seems to be a community project first and foremost.
For example, elections and discussions were right out front in the forums.

They keep up to date usage stats, showing a pretty reasonable number of units in service.

The feature list is quite complete including an LDAP server and mention of plug ins like Jinzora, DansGuardian and Asterisk.

It is based on CentOS 4, and specifically mentions they try upstream packages unpatched to allow them to quickly flow through.

OK, I think it's time to pay attention to Rule 4. Before I started, I was pretty sure I was going to end up using Ubuntu Server 8.04, and just had to decide if I wanted to try (tomorrow's entry) Ebox on top or not. SME Server is making me reconsider. It looks like it should do everything I want it to - except teach me more about Ubuntu.

So here's a thought - old PCs I have in abundance. Why not install 'em both and see how we make out? All it costs is my time :-)

Saturday, August 9, 2008

Astaro - Are Two Half Loaves Better Than One?

Astaro is a commercial distribution that presents itself as a 'Security Gateway'.
They bundle up their software with a hardware solution and sell it as a complete package or just the software.

Their target market is really SonicWall and similar products. They claim to use the best of both open source and closed source products. Their software is available without fees for home users.

Astaro promotional material shows a very slick professional looking GUI. Their list of firewall and security related options is really extensive. IPSec to IDS and all stops between are covered.

Astaro doesn't really qualify to be my home server for a couple of reasons. Like any true security/firewall solution it doesn't serve files. Most security professionals would tell you a server has no place on a firewall. On the other hand, with the number of bells and whistles they are all packing into their boxes these days, I can't see where adding Samba makes much of a change in their overall target footprint. And of course it's a proprietary product.

Nonetheless, I was curious. It was considered as a possible solution for work, so I thought I'd take it for a spin.

The installer would get roasted on your average Linux distro review site. It's littered with oddities. For instance, the first screen tells you to use the arrows to navigate the installer screens, hit Tab to change the option and hit Enter to accept the changes and move on. Then the next screen says it's going to wipe your hard drive, and tells you to hit F8 to continue :-/ Nowhere does the tab key seem to do anything, and there's never a 'back' option. You can hit escape though - and it'll quit right out of the whole installation procedure....

The first couple of times I tried it I thought I had a bad CD because it kept saying 'Installation Failed - Restart'. Turns out that was incompatible hardware, because when I changed boxes it got a little farther. That time it recognized half my ethernet cards and posted a message saying it couldn't be a good firewall on just one ethernet card.

Now it is linux, and if you do things like using control-alt-Fx to look for other consoles you can see a whole lot better what's going on, but the default install screen is pretty terse, and the options are few.

Once I had it installed it tells you to reboot and log in via the web gui to complete the installation. I did so, and immediately started seeing the polish that shows up in their marketing materials. It's a nice boot screen, and looks quite professional. The web gui is pretty too - at least what I saw of it.

I set the passwords, and ran thru the wizard, but once I turned a few options on it turned my target box into a complete waste of time. The GUI became so unresponsive that it was unusable. I actually rebooted sure that it must be hung or acting up, but no - it was DDOSing itself. I'm not sure why the hardware passed their check during the installer, because it was completely unable to run their product.

It's probably a good product for what it's designed for, and I'm guessing a gig of ram would have made it perform usefully, but I'm not wasting time here when it won't do what I need it to anyway. Onwards!

P.S. If this is really what you want, rather than a home server - take a look at IPCop, Smoothwall, Vyatta, and Untangle among others. Gotta be one there you like.

Friday, August 8, 2008

A Fallback Position

Started looking at Clark Connect.

I've got to say - it looks feature complete.

It's been around since 2000 so I doubt it's going away anytime soon.

The forums are very active, so it's obviously well used.

I'll probably give it a try if I can't find anything else - before I start from scratch.

Why the reluctance then? Well, I can't put my finger on it, but it just seems so darned commercial. I mean the 'Community' page is 50% a request to put up banner ads for Clark Connect.com. It's like the 'find the free version' game that Grisoft plays with AVG on their website. (With Grisoft that's free like no cost incidentally - I won't promote them further with a link).

Maybe I'm too sensitive, but I found the Wikipedia article more straightforward and informational than the company site. Do you know I can't find the fact it's based on Red Hat anywhere on the Clark Connect site? They talk about the 30 day trial but not about the 'free forever' version anywhere. It's Wikipedia that confirmed for me the community version is no charge.

So, other than it's based on Red Hat rather than Debian/Ubuntu it certainly seems to fit most of my needs, but it's not making me excited about it. Not logical maybe, but not my choice for right now.

Thursday, August 7, 2008

Satega - Ubuntu Home Server Redux ?

Checked out Satega

I wonder why they picked the name Satega? To me it's the name of the Ronin's homeworld.
And yes, I know they are spelled different. It's just the only thing that comes to mind.

They've got a cool logo. And they seem to have at least a couple of real devs with a Launchpad site and some code written. But it still seems like it's in the discussion stage. Unfortunately I don't grok git well enough to poke around and see the amount of code they are writing. Maybe they're farther along than I think they are. At any rate, I'm not waiting. Looking at their comments they're still thinking bigger scale than I need, and they're inventing new stuff I'd rather let somebody else get the bugs out of.

A simple interface to the server stuff isn't what I want. It could use tinkertoy controls with video help for every step and my significant other still wouldn't use it or care. That's my job - she just wants the results.

Wednesday, August 6, 2008

The Competition - Part One

Windows Home Server - no need to rewrite that - looks comprehensive enough.

What to steal?

The ideas I've already mentioned.

Network monitoring ala Nagios seems like overkill - I only care if my PC is on when I'm in front of it - and then I can look at the pretty lights :-)

Printer Sharing - yep - I've got a couple of inkjets I could share out that way

A bunch of server items that I planned on using that aren't really end user features - like RAID, headless operation etc - all come free with Linux and don't deserve a bullet point here.

Aha - media sharing via Windows Media Connect. Might be useful if we ever get an Xbox. Won't work on the Wii though. See Media Tomb

From earlier research the only solution for the Wii seems to be Jinzora

Nothing else grabs me as 'gotta have it'

Tuesday, August 5, 2008

Step One - Survey The Field - Do We Need To Do Anything?

I think it's the Python tradition to 'shamelessly steal what ever is useful'

(Yes, I feel like throwing around unattributed quotes lately. Ya want proof they're real? Go find it :-P )

So why not buy something? Oh - that's rule one, and rule four. That throws out a lot of stuff like Windows Home Server, that probably don't do what I want anyway. Worth a look to see what it does to steal ideas from though.

We said we liked Ubuntu, so is there an Ubuntu home server already?

Well, sort of. Ubuntu Home Server has a website, and a wiki, and forums, and lots of ideas, but at first glance to me it looks like a bunch of unorganized stuff that was started twice and still hasn't put out anything I can actually use. Ooops - looks like it's dead again...

Note to self - keep it small and easy. It's obviously easy to fire around blog entries and hard to deliver when you've got big ideas and no programmers. Hmmm, sounds like me....

Off to find other possibilities and report what I think about them as I go.

Think I'll time these short blog posts to come out daily or something to make it look good for the aggregators or whatever rather than posting seven things today and nothing for a couple of weeks.

Monday, August 4, 2008

Step Zero - Define The Problem

Einstein was once asked if he had an hour to save the world from total destruction, what would he do? His comment was he'd spend 58 minutes defining the problem, and 2 minutes looking for the solution.

On the other side of the fence in a recent interview somebody asked Linus about 'innovation' and he replied:
"I have never had trouble finding people with crazy ideas. I have trouble finding people who can execute."
All right, now I've got enough quotes to start an argument, what about Rule Number Four?

Guess Linus wins this round. Let's figure out what we need roughly and get on with it.

0 - as close to zero maintenance as possible. I might be on vacation, the hydro might go out for a day, or real life just might be more interesting that day. Has to be 'no worries'

1 - Backup Drop Spot - Computer problems are a lot easier to solve with a working backup :-) And on a home network backups can be a real bitch. Lots of big files, no organization, and the most demanding users you'll ever find anywhere - your significant other and family members who just know that you're the computer geek who's supposed to know how all this stuff works right?

2 - DNS - Because my family aren't into remembering IP numbers

3 - aDSL PPPoE connection maintaining. Because it has to work whenever they want the internet, no muss, no fuss

4 - DHCP - more of the it should just work for friends and family stuff

5 - Central file share - because maintaining multiple copies of all your movies and music is silly, and makes Rule 1 even harder to follow

6 - Firewall

7 - Web filtering. My kids are old enough to try typing things, and young enough not to know why that's a bad idea. And yes, I supervise them, but I don't pretend to believe I'm perfect, and they aren't just a bit sneaky from time to time :-)

8 - Cross platform (see Rule 3)

9 - Central sign on and mobile profiles for the kids - because they don't care which computer they use, and they shouldn't have to really.

10 - Safe remote access to all machines.

11 - Guest wireless and wired access that doesn't give away the keys to kingdom for visitors

12 - Mail server that downloads mail regularly, virus scans it and stores it before the end pcs see it

13 - lots of flexibility to do other stuff I haven't thought of at the moment.

Sunday, August 3, 2008

What The Heck Is This?

This is an experiment.

My IPCop firewall died yesterday (hardware I think - it's been flawless for years but bad the last couple of days).

Of course using a white box as a firewall is a bit of a waste of hydro, and overkill for the job in a lot of ways. It's kinda noisy too, although I just installed mine next to the furnace so one more fan is no big deal :-)

I moved my wireless NAT router so it's the main firewall for our home network, but it's missing so many features I'd like that I immediately started thinking about putting a PC back in there.

Yes, I could buy a better wireless box that does everything I want, or buy one and put DD-WRT or something similar on top, but here's the rub (and RULE NUMBER ONE FOR THIS BLOG)

My budget is $0.

Ooops, time for RULE NUMBER TWO.

My time is free.

OK, with those rules out of the way, and a bunch of old whitebox PCs floating around not doing anything, that resolves the 'why not use something designed to do that job' argument. Oh, and I plan on going beyond what a box with 8 meg of ram and a USB port can do anyway.

So, what am I going to use?
Well, let's start with RULE NUMBER THREE

Proprietary sucks. If you qualify or identify with rules 0, 1 and 2 - then by golly you should be able to do exactly the same things I do and get the same results. Anything that gets in the way of that is the enemy. So, Windows is out - so is Mac OSX. I don't know much about the BSDs, so I'm going linux. Ubuntu specifically because I want to learn more about that flavour.

Last but not least is RULE NUMBER FOUR

I'm making this up as I go along. Or, stated differently - what you see is what you get.

I really don't intend this blog to be readable, or pretty, or grammatical.

If you find something here, cool, but I don't intend (at least at this point) to try and make this make sense. It'll likely be a combination of a bunch of URLs for further info, stream of consciousness thoughts and specs, and records of what I did when.

If we end up with something useful, then we pretty up the documentation and give it to the world - after all, PROPRIETARY SUCKS!