Linux Upgrade Time Part 2: Rising from the Ashes

by Aaron 19. August 2010 11:28

From the ashes rises...well...some heat.  Maybe a little smoke.  Some ashes.  Mythically, a phoenix, but not a Joaquin Phoenix though.  My Linux box certainly didn't rise from the ashes.  Know why?  Because it's ROCK SOLID, BABY!!!  Maybe I'll still refer to it as a phoenix...

Seriously, it was pretty uneventful upgrading to the latest distribution of Debian.  I commented on my last post that I think I had to upgrade the kernel to a newer version, and to do so, I needed a pre-compiled version of it.  I remember now in more detail what was the dealio.

I wanted to upgrade the kernel to version 2.6 from version 2.2.  To do that, I needed to compile a new kernel.  To do that, I needed to upgrade the gcc library or something, and some other libraries, and compilers, and blah blah blah.  I ran into a chicken or egg issue where it appeared that I needed the newer kernel to get what I needed to compile a new 2.6 kernel.  Impossible!

So instead, what I had to do was find a pre-compiled kernel that fit my CPU architecture.  Unfortunately, it didn't fit the rest of my hardware architecture.  So I had to go through all the craptastic steps of building a new kernel.

This time around, I was able to just upgrade the distribution components.  Meh.  There were a couple of steps where I didn't know what they were doing, but everything seems to be working fine.

Now I'm working on creating my firewall script.  I found a site called About Debian Linux.  To be quite honest, this is one of the most informative sites I've ever found for working with my Linux box.

There's a page in the site that has a basic script on it for configuring a basic firewall.  I'm starting with that.  So far I've found that I don't necessarily have everything that I need.  I executed the script as-is with the minimal changes necessary to configure my network interfaces.  It's giving me a lot of feedback telling me that I may need to upgrade components, or the kernel.  If I need to rebuild the kernel, that's not an issue.  I have yet to hose the kernel in such a way that the server doesn't come back up.  Maybe this will be the first?

My plan of action, since I can't afford to upset the wife, is to configure the Linux box on a subnet of my network.  The external interface will look just like it does now to the existing router, but I'm going to plug the office "subnet" into the Linux box and serve up some tasty, tasty routing from there.

Here's approximately what my current network looks like:

 

You can see that I've got the Linux box on one node by itself, and there are three switches, each with a wireless access point.  I hate Dead Zones.  Not the novel or popular TV series by Stephen King.  The wireless kind.  I actually like the Stephen King kinds.

Once I feel the Linux box is ready for testing, I'm going to move it between the office node and the current router.  The temporary, proposed network will look approximately like this:

This will allow me to test routing and such through the Linux box from within the office, and allow the rest of the network to function normally.

Once I feel that the Linux box is working and ready, I'm going to replace the existing router with the Linux box.  I'll plug in a switch for the rest of the network, and the final network will look something like this:

Stay tuned for Linux Upgrade Time Part 3: End Game!


Linux Upgrade Time!

by Aaron 17. August 2010 09:29

Over the past few weeks I've experienced some ridiculous network behavior.  It started with an old Linksys router that was in place.  It started dropping my network connection, but I was still able to see all of the rest of my network.  I called Time Warner.  Went through all the hoops, unplugged my router, then plugged it back in...  My router wouldn't power back on.  This is router #1.

At this point I think, "not so smart now are you, Aaron?!?"  My own router, and I never suspected it.

I took a different router down there (router #2) and plugged it in temporarily, until I could get a new, better one.  I bought a new one (router #3).  New issue: the router randomly drops the entire network.  So I plug router #2 back in.  This one seems to drop the external network randomly like router #1 did.  I can still see my network, but I can't get out.  Stranger still, I can get into my network from the outside.  It's like the router is losing all of the DNS server information.

I buy another Linksys (router #4).  This one reboots randomly.  Again, I go back to router #2.  No new issues, just the same old ones.  I don't think there's an issue with my hardware, although it's possible.  I think somebody's attacking my network, and something about the attack is doing this nasty business.

I took back router #4, and just today I bought a new network card.  This time, I'm going to build my own router.  I want to capture as much log info as I can about the issue, if it still persists after I do this, and maybe even shut down the attacks, if that's what is causing the problem in the first place.

To do this, I have a Linux box in my basement, running headless, that's very stable.  It's been running for years now.  I mean, this thing has been running since before I met my wife.  I've been using it as a file server, SVN server, web server, SSH server, Icecast server, TiVo home media server, DHCP server, local mail aggregator and server, and who knows what else.  It might even be lowering my cholesterol or car insurance!  And now I'm about to turn it into my new router and firewall.

About a year ago though, I decided that I wanted to upgrade some of the server software running on my Linux box.  I run Debian Linux, and the release I was using was Sarge I believe (version 3).  It took me a while to figure out how to upgrade, but I figured I wouldn't be disappointed.  It was HORRIBLE!

Once I finally figured out how to do it, it upgraded my kernel on me.  When I did that, it didn't have IDE hardware compiled into the kernel, so it wouldn't recognize my hard drive anymore.  I should also add at this point that the hardware is an AMD Duron 950MHz processor with a couple of IDE hard drives in it.  When I say I run it headless, the only time I plug a monitor into it is when it doesn't seem to boot back up.  That happened after the kernel upgrade.

I then had to boot up with a rescue disc (Trinity Rescue) and build a new kernel using the crappiest console interface possible.  I successfully got it back up and running though, and it's been rock-solid ever since.

I tell this back story because now, I have to do it again.  I'm afraid.  Like really afraid.  I hate the process, and I wish that it could be smooth and easy, but I suspect I'm going to run into the same issue.

The reason I have to upgrade to Lenny (version 5) now is because Etch (version 4) is no longer supported.  I want to look for and possibly use some routing/firewall apps to help lock down my network.  I want to make sure I've got the latest, most secure crap running on this thing possible.  I'm mad as hell, and I'm not going to take it anymore.

I'm approaching my upgrade the same way that my wife approaches any problem: Google.  Google.com is your friend.  The first link I found is perfect really.

I started by first putting in the new network card.  That's the first new piece of hardware to be installed in the Linux box in several years.  The only other new hardware was an additional hard drive.  The machine booted up without issue after installing the card.

Next I updated APT.  I started getting GPG errors when I tried to update the package cache.  I apparently needed some GPG keys, so I installed any keyring package that had the word Debian in it until my error went away.  The APT package cache is now updated.

Now, I'm about to install the dist-upgrade APT package.  That's where I'm going to leave off for now.  The box IS my DHCP server, and if it goes down, so does the connection to my network from this laptop.

Stay tuned for Linux Upgrade Time Part 2: Rising from the Ashes.
