Q about box for wired/wireless router + firewall + NAT + local services

 
 
OtherMusketeer@gmail.com

 
      09-02-2006, 05:53 PM
I'd like suggestions for a "just-enough" distro/setup.

I've used Mandrake and Redhat before and find they offer WAY more than I
want. I'm not a linux guru, so I do need some "assistance utilities" in
setting things up on the computer (I'm good with computers, I just
don't have much *nix experience). Therefore, I have to install Xwindows
since some of the text-based "wizards" are neglected or missing for
some tasks. At least, I haven't found in the recent distros a lot of
the text-based wizards that used to be in there around the year 2000.

I only have one computer I can use, a P200 (upgraded to K6-300) w/ 96MB
EDO and a 3GB hd. I might be able to get a more modern +300MHz working
(may just need a new power supply), but I'm not counting on it. (money
is tight)

I currently use it as a squid server, samba server, socks server, mySQL
server, and TeamSpeak server. (I dialup with a winXP computer, since
the softmodem was buggy under linux). It has apache installed, but
stopped by default as well (in case I want practice), and I often run
text processing PERL scripts on the box (leaving the winXP machine
free). I currently have the firewall setup to allow access to all these
services (also, SSH instead of telnet) from the local network instead.
The wireless card in it allows my laptop to easily connect to the
LAN (I use WEP).

I have ordered slow DSL (it's only $24.95) and plan to have the linux
box be the gateway again. I would like to reinstall with a more
dependable setup, as the Mandrake 10 system is always requiring
intervention. Especially when there is a power outage; it never
defaults to correcting disk errors. Instead it sits there until I plug
a keyboard and monitor in again (no SSH at that point). I'd like the
system to handle power outages seamlessly, and be hands off: that
tinkering is only needed when I want to change something, not to keep
it running.

I was thinking of trying BSD, but that is probably more stuff than I
need too. I do prefer installing _new_ software by compile, but I
prefer setting up a system the "windoze" way (select items, it
installs, you configure TONS of stuff, and then it works [well, maybe
not for most M$]). I need text-based "wizards"; they don't have to be
babysitters, just something that is quicker and easier to learn than
plain /etc/ files (like how RH and Mandrake used to be for text only
installs)

Also, people say you should not have services on your NAT box. Doesn't
firewalling the services from outside access negate those dangers? At
most I might open TeamSpeak, or possibly Apache to a single IP for
30min durations. I have no choice but to use one box, can I do
something to make it safer? (Yes, I have read half a dozen HOWTOs on
various networking topics and servers)

Thank you for reading this
DJ

 
ed

 
      09-03-2006, 08:55 AM
On 2 Sep 2006 10:53:58 -0700
(E-Mail Removed) wrote:

> I've used Mandrake and Redhat before and find they offer WAY more than
> I want. I'm not a linux guru, so I do need some "assistance utilities"
> in setting things up on the computer (I'm good with computers, I just
> don't have much *nix experience). Therefore, I have to install Xwindows
> since some of the text-based "wizards" are neglected or missing for
> some tasks. At least, I haven't found in the recent distros a lot of
> the text-based wizards that used to be in there around the year 2000.
>
> I only have one computer I can use, a P200 (upgraded to K6-300) w/
> 96MB EDO and a 3GB hd. I might be able to get a more modern +300MHz
> working (may just need a new power supply), but I'm not counting on
> it. (money is tight)
>
> I currently use it as a squid server, samba server, socks server,
> mySQL server, and TeamSpeak server. (I dialup with a winXP computer,
> since the softmodem was buggy under linux). It has apache installed,
> but stopped by default as well (in case I want practice), and I often
> run text processing PERL scripts on the box (leaving the winXP machine
> free). I currently have the firewall setup to allow access to all
> these services (also, SSH instead of telnet) from the local network
> instead. The wireless card in it allows my laptop to easily connect
> to the LAN (I use WEP).


Sounds like you should be getting a hardware modem. You can find them at
a good computer retailer or ebay. I recommend a USRobotics 56k.

> I have ordered slow DSL (it's only $24.95) and plan to have the linux
> box be the gateway again. I would like to reinstall with a more
> dependable setup, as the Mandrake 10 system is always requiring
> intervention. Especially when there is a power outage; it never
> defaults to correcting disk errors. Instead it sits there until I plug
> a keyboard and monitor in again (no SSH at that point). I'd like the
> system to handle power outages seamlessly, and be hands off: that
> tinkering is only needed when I want to change something, not to keep
> it running.


The problem is an unclean shutdown of the filesystem, if you have ext2,
you should think about using ext3 (check your kernel can access ext3
first of course), the transition is rather straightforward:

tune2fs -j -c 0 -i 0 /dev/hdX

if I remember correctly. ext2 and ext3 are the same format, just that
ext3 has a journal which means you don't generally have problems with
the unclean shutdowns.

You should then modify the /etc/fstab so that the filesystems mount as
ext3.

> I was thinking of trying BSD, but that is probably more stuff than I
> need too. I do prefer installing _new_ software by compile, but I
> prefer setting up a system the "windoze" way (select items, it
> installs, you configure TONS of stuff, and then it works [well, maybe
> not for most M$]). I need text-based "wizards"; they don't have to be
> babysitters, just something that is quicker and easier to learn than
> plain /etc/ files (like how RH and Mandrake used to be for text only
> installs)


OpenBSD is perhaps closer to your requirements in BSD land, but it's
sounding like you need Debian.

> Also, people say you should not have services on your NAT box. Doesn't
> firewalling the services from outside access negate those dangers? At
> most I might open TeamSpeak, or possibly Apache to a single IP for
> 30min durations. I have no choice but to use one box, can I do
> something to make it safer? (Yes, I have read half a dozen HOWTOs on
> various networking topics and servers)


The danger they are warning about is that if the NAT box is compromised
then they can modify the firewall to allow 22 inbound perhaps... Or run
passwd there to change your root password...

Debian netinstall meets your requirements. It's primarily text based.

--
Regards, Ed :: http://s5h.net/qf
just another python hacker
Chuck Norris commands all five lions of Voltron simultaneously.
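
Added example, not part of any post in this thread: on a single-box gateway like the one discussed above, this shell function lists the TCP listeners bound to neither loopback nor the LAN address, i.e. the services that only the firewall keeps off the WAN side. The LAN address 192.168.0.1 and the `netstat -ltn` sample are constructed.

```shell
#!/bin/sh
# Added example, not from the thread.
# wildcard_listeners LAN_IP FILE
#   FILE holds `netstat -ltn` output. Prints "PORT ADDRESS" for each TCP
#   listener that is not bound to loopback or to LAN_IP.
wildcard_listeners() {
    awk -v lan="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")          # the port is the last ":" field
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == lan || addr ~ /^127\./ || addr == "::1") next
            print port, addr
        }
    ' "$2" | sort -n
}

# Constructed sample: ssh and samba listen on every interface, squid is
# bound to the assumed LAN address, mysql to loopback.
demo_listeners() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:3128        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
EOF
    wildcard_listeners 192.168.0.1 "$f"
    rm -f "$f"
}

demo_listeners
```

Each port it prints is reachable from the WAN interface the moment the packet filter is flushed or misloaded; binding that service to the LAN address removes the dependency.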
 
OtherMusketeer@gmail.com

 
      09-04-2006, 06:11 AM

ed wrote:
> On 2 Sep 2006 10:53:58 -0700
> (E-Mail Removed) wrote:
>

[snip]
> Sounds like you should be getting a hardware modem. You can find them at
> a good computer retailer or ebay. I recommend a USRobotics 56k.

Now that I am getting low speed DSL, that is not really a concern
anymore.

>
> > I have ordered slow DSL (it's only $24.95) and plan to have the linux
> > box be the gateway again. I would like to reinstall with a more
> > dependable setup, as the Mandrake 10 system is always requiring
> > intervention. Especially when there is a power outage; it never
> > defaults to correcting disk errors. Instead it sits there until I plug
> > a keyboard and monitor in again (no SSH at that point). I'd like the
> > system to handle power outages seamlessly, and be hands off: that
> > tinkering is only needed when I want to change something, not to keep
> > it running.

>
> The problem is an unclean shutdown of the filesystem, if you have ext2,
> you should think about using ext3 (check your kernel can access ext3
> first of course), the transition is rather straightforward:


Actually, I am already using ext3. The problem is that the desktop
orientated Mandrake asks for permission to scan/repair the drive instead
of doing that automatically. I scoured the /etc/ directory and did a
couple of "googles" and could not figure out how to change it to be
automated (even windoze can do automated recovery).

The reason I chose ext3 over ReiserFS (I wanted a JFS since brown outs
are occasional), is because of the ACLs. I wanted better control over
the access rights of files and folders, but so far (<2 yrs) I have yet
to use ACLs. *chuckle*

> tune2fs -j -c 0 -i 0 /dev/hdX
>
> if I remember correctly. ext2 and ext3 are the same format, just that
> ext3 has a journal which means you don't generally have problems with
> the unclean shutdowns.


Yes, it is (so I have read). Or more specifically, ext3 is an extended
ext2.

[snip]

> > Also, people say you should not have services on your NAT box. Doesn't
> > firewalling the services from outside access negate those dangers? At
> > most I might open TeamSpeak, or possibly Apache to a single IP for
> > 30min durations. I have no choice but to use one box, can I do
> > something to make it safer? (Yes, I have read half a dozen HOWTOs on
> > various networking topics and servers)

>
> The danger they are warning about is that if the NAT box is compromised
> then they can modify the firewall to allow 22 inbound perhaps... Or run
> passwd there to change your root password...


I don't mean to sound like I am arguing, I am merely curiously
asking... If your NAT does not allow ANY local services access from the
internet, how can it be compromised? I realise that if I open TeamSpeak
to the net, that could be an entry, but what if I don't; That nothing
is open?

As for local services connecting to the 'Net, that would only be PERL
driven curls on known sites once in a while.

> Debian netinstall meets your requirements. It's primarily text based.


Once the DSL is running, I will give it a try.

Thank you.
>
> --
> Regards, Ed :: http://s5h.net/qf
> just another python hacker
> Chuck Norris commands all five lions of Voltron simultaneously.


I remember Voltron. Years later, all these pretenders like Power
Rangers fail at copying them.

 
Bob Hauck

 
      09-04-2006, 01:37 PM
On 3 Sep 2006 23:11:28 -0700, (E-Mail Removed)
<(E-Mail Removed)> wrote:

> ed wrote:


>> The problem is an unclean shutdown of the filesystem, if you have
>> ext2, you should think about using ext3 (check your kernel can access
>> ext3 first of course), the transition is rather straightforward:

>
> Actually, I am already using ext3.


Is it really mounted as ext3? Look at the output of "mount". If it
really is ext3, fsck should replay the journal without asking any
questions. Unless the journal is wrecked, which if that happens you
probably have a hardware failure of some sort, or you have an outdated
version of fsck.


> The reason I chose ext3 over ReiserFS (I wanted a JFS since brown outs
> are occasional), is because of the ACLs. I wanted better control over
> the access rights of files and folders, but so far (<2 yrs) I have yet
> to use ACLs. *chuckle*


Brown outs can be worse than sudden power-offs. If the computer's power
supply is not well-designed, a brown-out may result in low voltage to
some components rather than just a sudden loss of power. A JFS won't
save you from corrupt RAM or a disk writing bad data due to low voltage.

A good UPS would be indicated if you have a lot of brown-outs.


>> tune2fs -j -c 0 -i 0 /dev/hdX


Did you change the filesystem type in /etc/fstab? If it still says
ext2 then fsck will treat it as such.

Ext3 should resist corruption just as well as Reiser or whatever. I've
been using it for years on embedded systems with few problems. If you
have brownouts though, maybe nothing will help but a UPS or a better
power supply in the computer.


--
-| Bob Hauck
-| A proud member of the unhinged moonbat horde.
-| http://www.haucks.org/
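
Added example, not part of any post in this thread: the two checks suggested above (what `mount` reports and what /etc/fstab declares) combined into one shell function that flags ext2/ext3 entries where either side is not ext3. The device names and file contents in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the thread.
# ext3_audit FSTAB MOUNTS   (MOUNTS is in /proc/mounts format)
#   Prints "MOUNTPOINT fstab=TYPE mounted=TYPE" for every ext2/ext3 fstab
#   entry whose declared or mounted type is not ext3. Returns 1 on a finding.
ext3_audit() {
    awk '
        FNR == 1 { fileno++ }                 # count input files as they start
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        fileno == 1 && $3 ~ /^ext[23]$/ {     # fstab: device mountpoint type
            declared[$2] = $3
            next
        }
        fileno == 2 && ($2 in declared) {     # mounts: device mountpoint type
            mounted[$2] = $3                  # last entry for a mount point wins
        }
        END {
            for (mp in declared) {
                m = (mp in mounted) ? mounted[mp] : "not-mounted"
                if (declared[mp] != "ext3" || m != "ext3") {
                    printf "%s fstab=%s mounted=%s\n", mp, declared[mp], m
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: /home got a journal via tune2fs -j, but its fstab
# line still says ext2, so it is mounted without using the journal.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/fstab" <<'EOF'
# <device> <mount> <type> <options> <dump> <pass>
/dev/hda1  /      ext3  defaults  1 1
/dev/hda2  /home  ext2  defaults  1 2
/dev/hda3  none   swap  sw        0 0
EOF
    cat > "$dir/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/hda1 / ext3 rw 0 0
/dev/hda2 /home ext2 rw 0 0
EOF
    ext3_audit "$dir/fstab" "$dir/mounts"; rc=$?
    rm -rf "$dir"
    return $rc
}

demo || true
```

On a live system the same function runs as `ext3_audit /etc/fstab /proc/mounts`.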
 