Linux is impossibly complicated

Discussion in 'Linux Networking' started by Fred Jones, Jun 3, 2004.

  1. Fred Jones

    Fred Jones Guest

    I am working on building a Linux firewall/router from an old computer. I am
    a tech, but not versed in Linux. I find this task to be daunting. What a
    crazy system. I have found several solutions (CDRouter, M0n0wall) that I
    can get up and running. Major problem is drivers. I want to use a Diamond
    Homefree card and a Wifi card as LAN ports. First I have to search and
    search to find drivers. Then I don't understand the web pages put up by the
    people who write the drivers. There is code, instructions, all kinds of
    different files with different extensions. Do you really have to recompile
    the kernel just to add a driver? Not to mention then I have to figure out
    how to open the iso file, change the files in the iso and burn it back onto
    a CD. If I add or change a card, I have to go through the whole process all
    over again. How can the average user be expected to do all this? Linux
    will never be main stream because it seems that the people developing it
    want to keep it part of their secret world. The one good feature about
    Windoze is that anyone can click and load a driver and it will then be
    accessible to all hardware and software in the system. No brainer.
     
    Fred Jones, Jun 3, 2004
    #1

  2. Fred Jones

    Conny Guest

    Why not download a ready to go distro for the task?
    http://smoothwall.org/about/
     
    Conny, Jun 3, 2004
    #2

  3. Fred Jones

    Jan Geertsma Guest

    If those cards are supported by your distribution you could just use the
    provided modules (modprobe modulename), if not you could use the
    sourcecode from those people to make such a module. Most distributions
    will make sure the modules are tested so that's good.
    Yeah had the same problem under windows, so what's your point? under
    linux you can mount an iso9660 as a loop device
    mount -t iso9660 -o loop /path/file.iso /mnt/disk
    Average users are expected to use distributions that do that
    automatically for supported networkcards.
    The crappy thing about windows is that nobody understands it if it goes
    wrong. Feel free to use windows for firewalling as well if that makes
    you feel more comfortable.
     
    Jan Geertsma, Jun 3, 2004
    #3
  4. On Thu, 03 Jun 2004 08:24:35 -0600, Fred Jones wrote:

    First of all: I do not understand why you posted this one here. Do you
    want to start a flamewar or was it your way to ask for help with a
    specific problem?

    My experience was that setting up firewall/router using an old machine
    (486SX/33) was very easy and straightforward. If you want to try this: I based
    it on Slackware and used iptables to set up the firewalling part.
    Could be true if it always works. Once there is a problem it can get
    extremely complicated to get that thing to work.
     
    Ondrej Kubecka, Jun 3, 2004
    #4
  5. Fred,

    I'm not going to say you are wrong, and I'm not going to say
    that getting up to speed with linux is easy, but repeat after me:

    Linux != Windows, Linux != Windows, Linux != Windows.

    Now that we've got past that, there are lots and lots of differences
    between linux and Windows. That's not good or bad, just a fact.
    You have to accept those differences and learn how to live with them,
    or just stick to Windows.

    Now, if you were 100% happy with Windows, why are you picking linux
    for your application?

    WiFi is fairly new, and linux isn't well supported. If I were you,
    I'd find an alternative to a Wifi card in the linux box. I happen
    to be using a Microsoft ...500 wireless router in bridge mode for that.
    Does the trick. Not great, but works.

    If you want help, ask a question.

    Chris
     
    Chris Richmond - MD6-FDC ~, Jun 3, 2004
    #5
  6. Fred Jones

    Gerard Guest

    On Thu, 3 Jun 2004 08:24:35 -0600, Fred Jones scribbled:

    [snip]
    Well, Fred, If you *do* like Windoze so much, why rely on Linux to build
    your firewall then? ;) My guess is that the reason is that it's not as
    safe as uncle Bill would like us all to believe...

    Furthermore, I second Conny in her recommendation of the smoothwall
    distribution. It's perfect for the job, right 'out of the box', although
    I'm not entirely sure whether it will support your cards...

    It *is* nice and small, a 45Mb iso file including the full manuals, I'd
    like to see Windoze do that... :)

    --
    GerardLinux ay tee filternet dee oo tee ann el

    ACHTUNG!!
    Das machinen is nicht fur gefingerpoken und mittengrabben. Ist easy
    schnappen der spingenwerk, blowenfusen und corkenpoppen mit spitzensparken.
    Ist nicht fur gewerken by das dummkopfen. Das rubbernecken sightseeren
    keepen handen in das pockets. Relaxen und vatch das blinkenlights!!!
     
    Gerard, Jun 3, 2004
    #6
  7. Fred Jones

    Keith Keller Guest


    [bitch bitch bitch snipped]

    Not that you asked (anything), but I'd recommend against putting a WiFi
    adapter into any router/firewall/packet filter. The firewall should
    be the most secure device on your network, and a WiFi adapter compromises
    that (slightly, but still). I'd suggest using two ethernet cards and
    connecting the internal end to a switch or hub connected to a WAP. You
    could even buy a cheap combo switch/WAP from someone like D-Link or
    Netgear.

    To address some of your whining, I'm wondering how creating and configuring
    a Linux bootable firewall CD compares to, say, creating and configuring a
    Windows bootable firewall CD. As a so-called tech, have you tried the
    latter? No? Hmm, I guess Windows will never be mainstream because the
    people developing it want to keep it part of their secret world.

    - --keith

    - --
    -francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

     
    Keith Keller, Jun 3, 2004
    #7
  8. Linux will never be main stream because it seems that the people
    developing it
    I understand what you mean, but Windows is far more secret than Linux

    Linux = open source :eek:)
     
    George Hewitt, Jun 3, 2004
    #8
  9. Fred Jones

    Brian Guest

    No, that's one of the worst possible things about Windows: far too much of
    what it does is wrapped up behind a secretive "no-brainer" button. Too
    many people have been "educated" into thinking that this is all running an
    OS is about.
    What do you do when the button doesn't work or more usually, falls off?


    B.
     
    Brian, Jun 3, 2004
    #9
  10. Not necessarily. You can just compile the driver as a module and use
    modprobe to insert it into the running kernel.

    But compiling kernels really isn't that difficult. The hardest part is
    probably answering all the questions in the configuration routine. Once
    you've done that, you can configure a new kernel easily by copying the old
    .config file to the new kernel's source tree and running "make oldconfig"
    so you only have to answer the questions pertaining to new features.
    Why would you want to do that?
     
    John Thompson, Jun 3, 2004
    #10
  11. I wish I could agree with you. I've spent a good portion of the last two
    days trying to get Win2k to install the damn drivers for my daughter's mp3
    player. I still haven't succeeded. It's completely unacceptable that you
    have to reboot every blessed time you change a driver -- I can't begin to
    tell you how much time I've wasted watching Windows go through shutdown
    and booting whenever we add new hardware!
     
    John Thompson, Jun 3, 2004
    #11
  12. Fred Jones

    Fred Jones Guest

    I did not intentionally set out to whine or write a flame. It just kind of
    happened out of frustration. I wanted to build a Linux firewall because I
    don't see a commercial product that has the flexibility I desire, because I
    have old computers and cards that can do the job and normally I really enjoy
    learning and doing something new. I don't like asking for directions and I
    don't like to lean on people to walk me through things.

    I appreciate that people took the time to respond (whether positively or
    negatively, the negative ones I guess I deserved anyway). I am not
    particularly a Windoze fan, but it does have overwhelming market share, and a
    lot of that stems from the fact that most people can use it out of the box.
    Yes all the code is secret, but what you need to know to use it, isn't.

    It just seems to me that anything grass roots should be usable by the
    masses. I was good with DOS and Basic and learning Fortran on punch cards
    on a Univac 1108 25 years ago was easier than learning Linux. Let's face
    it, format is a lot easier than mke2fs.

    As to some of the replies:

    Some say: It's easy just modify this, compile that, put the drivers here,
    etc. Sorry, that's easy for you to say, but totally greek to a newbie.

    All the firewall systems I've seen run off a CD ( CDRouter, m0n0wall,
    smoothwall). Using a HD requires a lot more Linux savvy. But using a CD
    means opening the iso, doing mods, compiling and re-burning, a difficult and
    time consuming process. Rebooting Windows is faster and easier.

    I think that putting the wifi card in the firewall makes total sense. Why
    would you want it BEHIND the firewall? It's like a back door into your LAN.
    In the firewall it can even be a different subnet, thus locking out any
    intruder.

    Choosing a variation of Linux, just because it has the driver you need is
    not a good system. You should be able to choose according to its function,
    interface, usability, etc. and there should be an easy way to add drivers to
    whatever variation one chooses.

    I'd love to ask a question, get the answer and be on my way, but it's just
    not that easy. Guess I'll just abandon my efforts, like most people and
    keep paying Mr. Gates. Look how many flavors of Linux there are. Why?
    Because so many people are so frustrated. When someone really gets it right
    and anyone and everyone starts using it, then Windoze will die a quick
    death.

    Damn, went on way too long. My hope is that Linux becomes what it should
    be. I wish I had the talents to help it get there.

    PS Just downloaded and burned Smoothwall. I'll give it a try. Guess I
    can't really give up after all...
     
    Fred Jones, Jun 3, 2004
    #12
  13. Fred Jones

    Brian Guest

    Or perhaps because on being given free ingredients and cookbooks, people
    discover there are *many* ways to make interesting meals.

    But I understand your frustration - I'm sure most of those escaping the
    greasy clutches of M$ to stand, pale-skinned and blinking, in the light &
    fresh air would agree that initially, the learning curve can be a bit
    steep.

    Believe me; it gets *much* easier the further away you stand from Redmond.


    B.
     
    Brian, Jun 3, 2004
    #13
  14. Let's just face the fact that for many, the computer is, was and
    always will be just another piece of office dressing or household
    appliance, kin to the copier, fax, refrigerator, microwave...etc. As
    long as, when the on button is pressed, the lights flash and the
    screen lights up what's "under the hood" will matter little; much less
    the specifics of what's happening and what power they have over
    controlling or manipulating them. Take heed Linux faithful, the
    corporate wolves will not soon be berefted of the sheep of ignorance,
    complacency or laziness on which to fill up their bellie$
     
    Marcus Brutus, Jun 4, 2004
    #14
  15. I don't understand. What's so hard about using the hard drive? Any
    Linux distribution is set up to load itself onto the HD, and away
    you go. Tinker with it until you have it the way you want, then
    just leave it. Better still, take a backup of the hard disk (to
    CD if you like).
    <makes sign of the cross> One of the worst things Bill Gates has
    done to the industry is to make so many people believe that re-booting
    a computer is no big deal. What would you have thought if that 1108
    you once worked on was down half the time because the staff decided
    to reboot for every little change they wanted to make? What would
    you think now if your ISP went up and down like a yo-yo? Linux holds
    to the old belief that re-booting is only done for major modifications
    or severe system crashes. The rest of the time, the system stays up.
    Certainly putting the wifi card behind the firewall is a Bad Thing.
    But putting it _in_ the firewall isn't much better. A wireless
    attack on the system becomes a direct attack on the firewall itself -
    and the attacker doesn't even have to be in the building!
    Go one step further - put a machine on that different subnet, and
    put the wifi card in it. Then the firewall can do its job properly,
    without being exposed to attack.
    Damn those marketroids. Unfortunately, many users can be persuaded
    to forget about usability by the sight of flashy graphics. But Linux
    has much less of a monopoly on frustration than Windows has on the
    market in general. Yes, I find some things tricky to set up under
    Linux. But I find many other things far more difficult - and
    frustrating - to set up under Windows than under Linux. It's
    not a one-sided thing. Plus, once you get things running under
    Linux, they tend to stay running - unlike Windows, where making
    one change can break totally unrelated things.
    That's the spirit! There are plenty of people here who are willing
    to help. I've found with many computer problems that I sometimes
    have to be reduced to a point of total despair, and then a solution
    magically pops up. Maybe this is your time.
     
    Charlie Gibbs, Jun 4, 2004
    #15
  16. Fred Jones

    Keith Keller Guest


    How is

    format c:

    any easier than

    mke2fs /dev/hda1

    other than less typing? It's all just notation. Once you get past
    the notation, one is just as easy as another.
    Bloatware! I like the firewalls that run off floppy. :)

    (I use floppyfw: http://www.zelow.no/floppyfw; there are others out
    there.)
    Well, with the distros designed to run off of CD, yes. But, as someone
    already suggested, it's just as easy (maybe easier?) to install a hard-
    disk distro like Fedora and configure your iptables rules. You could
    even use old hardware, a small hard disk, and use an older distro like
    Slackware 4.0. CD is not the only option for a linux-based packet
    filter.
    On the LAN it can be on a different subnet as well, if that's a concern.
    Any of your wifi devices are a back door onto at least that part of your
    LAN; why let it be a back door into the firewall too?
    And top-posted; please don't do that.
    Much of linux is learning how things work, much as learning Windows is
    learning how things work. You're frustrated because linux doesn't work
    like Windows, but to turn it around, I get frustrated the few times I
    have to deal with Windows, because Windows doesn't work like linux.
    Anyone with a sharp brain can learn linux; anyone without a sharp brain
    perhaps shouldn't be subjected to Windows anyway.

    Yes, there are a lot of options; that's both good and bad for linux.
    With Windows, there are very few options; that's both good and bad
    for Windows.

    - --keith

    - --
    -francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

     
    Keith Keller, Jun 4, 2004
    #16
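
The zone layout argued for in posts #15 and #16 (wireless on its own subnet, never trusted by the firewall itself), as an added example that is not from any poster in this thread. It generates an `iptables-restore` ruleset; the interface names, the SSH-from-LAN management rule and the helper names `gen_ruleset` and `wlan_is_isolated` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: three-zone packet filter (WAN / wired LAN / wireless subnet).
# Interface names are constructed placeholders; adjust to the real hardware.

# Print an iptables-restore ruleset for the given WAN, LAN and WLAN interfaces.
gen_ruleset() {
    wan=$1 lan=$2 wlan=$3
    if [ -z "$wan" ] || [ -z "$lan" ] || [ -z "$wlan" ]; then
        echo "usage: gen_ruleset WAN_IF LAN_IF WLAN_IF" >&2
        return 2
    fi
    # Each zone needs its own interface, otherwise the rules cannot tell them apart.
    if [ "$wan" = "$lan" ] || [ "$wan" = "$wlan" ] || [ "$lan" = "$wlan" ]; then
        echo "error: zones must use distinct interfaces" >&2
        return 2
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A INPUT -i $wlan -j LOG --log-prefix "WLAN->FW drop: "
-A INPUT -i $wlan -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wlan -o $wan -j ACCEPT
-A FORWARD -i $wlan -o $lan -j LOG --log-prefix "WLAN->LAN drop: "
-A FORWARD -i $wlan -o $lan -j DROP
COMMIT
EOF
}

# Audit a ruleset on stdin: succeed only if no rule accepts traffic that
# arrives on the wireless interface and targets the firewall or the wired LAN.
wlan_is_isolated() {
    wlan=$1 lan=$2
    ! grep -E -q \
        -e "^-A INPUT .*-i $wlan .*-j ACCEPT" \
        -e "^-A FORWARD .*-i $wlan .*-o $lan .*-j ACCEPT"
}

# Stand-alone run: generate for sample interfaces and audit the result.
if gen_ruleset eth0 eth1 eth2 | wlan_is_isolated eth2 eth1; then
    echo "wireless zone can reach the WAN only"
fi
```

Pipe the output of `gen_ruleset` into `iptables-restore` as root to load it; wireless clients then get out to the WAN, while anything they send to the firewall or the wired LAN is logged and dropped.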
  17. Fred Jones

    Gerard Guest

    OK, OK, we forgive you. Go, and sin no more ;-)

    [snip]
    I must disagree. the product I recommended to you (smoothwall) does *not*
    run off the CD, it just is distributed as an iso file for your convenience.
    You burn the CD, boot from it (or from the diskettes, that you can make off
    of this CD) and install the complete system on your beloved HD. Every next
    time the system boots off the HD, no excessive Linux knowledge needed for it
    has a rather sophisticated html admin interface.

    Of course, when in due time you do pick up some Linux knowledge, you will
    be able to let it do some more tricks than the admin interface makes
    possible, but in the beginning you do not really need that.

    [snip]
    Starting again, are we?
    Linux *IS* what it should be. We can't help that you don't like it. Perhaps
    you should have read some more information about *your* decision before
    blaming the rest of the world.
    OK, now we're talking...

    Where, BTW, is the law that states that it's a crime to let other people
    help you?


    --
    GerardLinux ay tee filternet dee oo tee ann el

    ACHTUNG!!
    Das machinen is nicht fur gefingerpoken und mittengrabben. Ist easy
    schnappen der spingenwerk, blowenfusen und corkenpoppen mit spitzensparken.
    Ist nicht fur gewerken by das dummkopfen. Das rubbernecken sightseeren
    keepen handen in das pockets. Relaxen und vatch das blinkenlights!!!
     
    Gerard, Jun 4, 2004
    #17
  18. I don't agree with this.
    There is a huge amount that could be done to make Linux easier to use,
    and certainly easier to configure.
    [I think exactly the same about Windows, incidentally.]

    For example, most error messages are more or less useless,
    since they don't suggest any remedial action.
    It's obvious to me that people writing software rarely think,
    "How could this error arise?
    What is the most likely cause of failure here."
    The error messages are usually written for themselves, as far as I can see.

    Another example: man pages are a great resource, IMHO -
    but how much more useful they would be
    if they all had an EXAMPLES section,
    giving the commonest ways in which the command in question is used.
    In 95% of cases, that would tell you all you need to know.

    Unfortunately, there is no-one responsible for the human interface.
     
    Timothy Murphy, Jun 4, 2004
    #18
  19. Fred Jones

    Gerard Guest

    Well, as an old systems-programmer, I must agree with one of the previous
    posters: somehow during the last decades the opinion has arisen that
    operating systems are to be understood by the masses. That's just not true
    and I for one hope it never happens.

    Look at MS, and learn what happens to an OS when you try to do that. It
    just consumes loads and loads of resources doing nothing at all for just
    one user!

    <memory-lane>
    By comparison: when I started, we had a mainframe (I think it was an IBM
    370-125) with some odd 8Mb internal memory and 2Gb external diskspace max)
    and we serviced an insurance company with some 200 employees! I remember
    well the celebration party we had when we crossed the 4Gb line for external
    storage. This whole sucker took up a large room of 8 by 20 meters...
    Nowadays, we have a state of the art lap-top, containing some 512Mb
    internal memory, an 80Gb harddisk and a 2Ghz processor and all it does is
    serve one miserable user with 0,0001% of its gigantic capacity, which is
    only needed to paint all the graphical mumbo-jumbo on the back of our
    screens. (pffiew, I'm glad I unloaded all that for once... ;)
    </memory-lane>

    Writing, maintaining, and understanding operating systems and how they work
    is just a lot (yes, I really mean a *lot*) of hard work. Off and on, I've
    been in the IT business since 1979, so I think that I know what I'm talking
    about.

    Every single time I see some nit-wit trying to poke around in an operating
    system s/he does not understand, catastrophes happened. This especially
    goes for Linux, being (au contraire Windoze) a real multi-user OS.

    I'm *not* in favour of a return to the old Ivory Tower days, where we had
    all the power to tell users what *they* liked best (yes we did) and we
    built software for them that they did not necessarily need (hmmm, this
    rings a Bill ;). What I *would* like to point out that it takes a *lot* of
    studying and experience and hard work (mind the booleans) to become an
    understander of any OS to the level that one is able to maintain it
    properly.

    I *do* agree that the man pages should be more consistent though. Your
    remark about the examples section is very true, IMHO.

    --
    GerardLinux ay tee filternet dee oo tee ann el

    ACHTUNG!!
    Das machinen is nicht fur gefingerpoken und mittengrabben. Ist easy
    schnappen der spingenwerk, blowenfusen und corkenpoppen mit spitzensparken.
    Ist nicht fur gewerken by das dummkopfen. Das rubbernecken sightseeren
    keepen handen in das pockets. Relaxen und vatch das blinkenlights!!!
     
    Gerard, Jun 4, 2004
    #19
  20. Fred Jones

    Brian Guest

    Sure - I always thought that's who Windows is for ;)
    But that's no reason for Linux to start aping it.

    B.
     
    Brian, Jun 4, 2004
    #20