Linux Upgrade Time Part 3: End Game

by Aaron 28. August 2010 10:25

The end is nigh!  Or whatever.

I have successfully turned my Linux box into a router.  It was full of trial and error, but I managed to accomplish the task.

The first thing I learned, once I grabbed the firewall script from aboutdebian.com, was that I had to rebuild the kernel with additional modules.  It was a lot of searching through the menuconfig to find all of the proper modules, but I managed to do it.

I knew that I had everything installed in the kernel properly when I did a test run on the script, and my SSH connection froze after one of the startup messages.  So, I had to wander to the basement, turn on the monitor that I have conveniently left connected to the server, and reboot the box.  Unfortunately, I'm not sure what process(es) I have to kill to just stop the firewall features.

The next step was to get the network adapters working.  This took some effort.  I managed to drop the Linux box from the network several times.  Each time I had to go to the basement, undo what I did, and come back upstairs.  I got tired of that, so this morning, I simply sat on the floor in the basement, kept a laptop beside me that was hardwired into the internal interface, and used it to test after each trial and error change.

During all of this, I configured everything the way I thought it was supposed to be configured.  I finally figured out what I was doing wrong, again through trial and error, not because I knew it.  I just decided to "try it."  The internal interface can't be on the same IP subnet as the external interface.  Sounds like something that maybe I should have known, or assumed.  Neither was the case.  Both the external and internal interfaces were on 192.168.0.0.  Once I changed the internal interface to the subnet 192.168.1.0, I was able to again browse the web from the Linux box itself.
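The subnet clash described above, checked in code; this is an added example, not part of the original post. The /24 masks, the host addresses and the interface name eth0 are assumptions, since the post gives only the two network numbers and eth1.

```python
import ipaddress

# Constructed addressing: the post gives only the network numbers and eth1;
# the /24 masks, host addresses and the name eth0 are assumptions.
BEFORE = {"eth0": "192.168.0.2/24", "eth1": "192.168.0.254/24"}
AFTER = {"eth0": "192.168.0.2/24", "eth1": "192.168.1.1/24"}


def connected_routes(interfaces):
    """Directly connected network for each interface address."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}


def overlapping_pairs(interfaces):
    """Interface pairs whose connected networks overlap."""
    routes = sorted(connected_routes(interfaces).items())
    return [(a, b)
            for i, (a, net_a) in enumerate(routes)
            for b, net_b in routes[i + 1:]
            if net_a.overlaps(net_b)]


def egress_candidates(interfaces, dest):
    """Interfaces with a connected route covering dest, longest prefix first."""
    addr = ipaddress.ip_address(dest)
    hits = [(-net.prefixlen, name)
            for name, net in connected_routes(interfaces).items()
            if addr in net]
    return [name for _, name in sorted(hits)]


def audit(interfaces, probes):
    """Return findings for a router layout; an empty list means it is sane."""
    findings = [f"{a} and {b} share a subnet"
                for a, b in overlapping_pairs(interfaces)]
    for dest in probes:
        via = egress_candidates(interfaces, dest)
        if len(via) != 1:
            findings.append(f"{dest}: ambiguous or no connected route {via}")
    return findings


if __name__ == "__main__":
    print(audit(BEFORE, ["192.168.0.50"]))
    print(audit(AFTER, ["192.168.1.50", "192.168.0.1"]))
```

With both interfaces on the same network, every LAN address matches a connected route on each side, so nothing in the addressing tells the box which interface a host sits behind.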

The next thing I did was make sure that I could connect to the web through the Linux box from within the office.  If you refer back to a diagram in my last post, I had my Linux box (pictured as Joaquin Phoenix) acting as a router for my home office.  I was able to connect to the internet from the office.

Next I needed to make sure that DHCP was still working properly.  This is where I ran into a slight snag.  I configured the DHCP daemon to respond to requests only on eth1 (the internal interface), but I needed a DNS server to use.  Since my Belkin router was being replaced, and the network information it served up set itself as the DNS server, it made sense for me to do the same.  Unfortunately, my Linux box was failing as a DNS server.

It was a simple fix to simply install bind9.  I didn't have to do any configuration, I simply had to install it, and the package just worked.

The final test was making sure that I could connect to work by VPN.  Again, no problem.

Finally, this evening I did some last minute reconfiguration, swapped out the router, made a minor config change to DHCP that I overlooked just before making the switch, and voilà!  We have routing!

The first thing I did when I was sure it was working was go to Speedtest.net.  I can tell that my network connection is slower.  Since it's so noticeable, I was hoping it was a fluke, but it's not.  I'm getting about a third of the speed that I was getting before.  I'm not pleased by this, but I'm going to compare my router choice to Verizon versus AT&T: if I can have a reliable, stable connection, I'll take it over the faster network any day.  Something seems to be flaky with Speedtest.net right now, so maybe it's not just me.

I will be investigating ways that I can speed up the network connectivity.  Maybe swap out my 10/100 cards for gigabit cards.  Maybe the higher throughput will help.  Who knows.  If only there was some place that I could search for information and only get results that are relevant to what I'm looking for.  And if that information was publicly available through some non-paper form where I could quickly peruse it and decide if it's useful or not.  I wonder what they would call that...

The other thing I need to do is configure the firewall script to do some port forwarding.  Other than that, I'll simply be watching for any network outages.  I hope this resolves my outages for me.  It's possible that I just have horrible luck with routers, and that this was all very unnecessary.  I just have a lot of trouble believing that four routers, at least one of which was totally fine prior to making it my firewall, were all bad.

Wish me luck and hope that I don't have to start a new trilogy of router upgrading.  I may be able to post some information that I find and utilize for speeding up my "new" router.


Linux Upgrade Time Part 2: Rising from the Ashes

by Aaron 19. August 2010 11:28

From the ashes rises...well...some heat.  Maybe a little smoke.  Some ashes.  Mythically, a phoenix, but not a Joaquin Phoenix though.  My Linux box certainly didn't rise from the ashes.  Know why?  Because it's ROCK SOLID, BABY!!!  Maybe I'll still refer to it as a phoenix...

Seriously, it was pretty uneventful upgrading to the latest distribution of Debian.  I commented on my last post that I think I had to upgrade the kernel to a newer version, and to do so, I needed a pre-compiled version of it.  I remember now in more detail what was the dealio.

I wanted to upgrade the kernel to version 2.6 from version 2.2.  To do that, I needed to compile a new kernel.  To do that, I needed to upgrade the gcc library or something, and some other libraries, and compilers, and blah blah blah.  I ran into a chicken or egg issue where it appeared that I needed the newer kernel to get what I needed to compile a new 2.6 kernel.  Impossible!

So instead, what I had to do was find a pre-compiled kernel that fit my CPU architecture.  Unfortunately, it didn't fit the rest of my hardware architecture.  So I had to go through all the craptastic steps of building a new kernel.

This time around, I was able to just upgrade the distribution components.  Meh.  There were a couple of steps that I didn't know what it was doing, but everything seems to be working fine.

Now I'm working on creating my firewall script.  I found a site called About Debian Linux.  To be quite honest, this is one of the most informative sites I've ever found for working with my Linux box.

There's a page in the site that has a basic script on it for configuring a basic firewall.  I'm starting with that.  So far I've found that I don't necessarily have everything that I need.  I executed the script as-is with the minimal changes necessary to configure my network interfaces.  It's giving me a lot of feedback telling me that I may need to upgrade components, or the kernel.  If I need to rebuild the kernel, that's not an issue.  I have yet to hose the kernel in such a way that the server doesn't come back up.  Maybe this will be the first?

My plan of action, since I can't afford to upset the wife, is to configure the Linux box on a subnet of my network.  The external interface will look just like it does now to the existing router, but I'm going to plug the office "subnet" into the Linux box and serve up some tasty, tasty routing from there.

Here's approximately what my current network looks like:

 

You can see that I've got the Linux box on one node by itself, and there are three switches, each with a wireless access point.  I hate Dead Zones.  Not the novel or popular TV series by Stephen King.  The wireless kind.  I actually like the Stephen King kinds.

Once I feel the Linux box is ready for testing, I'm going to move it between the office node and the current router.  The temporary, proposed network will look approximately like this:

This will allow me to test routing and such through the Linux box from within the office, and allow the rest of the network to function normally.

Once I feel that the Linux box is working and ready, I'm going to replace the existing router with the Linux box.  I'll plug in a switch for the rest of the network, and the final network will look something like this:

Stay tuned for Linux Upgrade Time Part 3: End Game!


Linux Upgrade Time!

by Aaron 17. August 2010 09:29

Over the past few weeks I've experienced some ridiculous network behavior.  It started with an old Linksys router that was in place.  It started dropping my network connection, but I was still able to see all of the rest of my network.  I called Time Warner.  Went through all the hoops, unplugged my router, then plugged it back in...  My router wouldn't power back on.  This is router #1.

At this point I think, "not so smart now are you, Aaron?!?"  My own router, and I never suspected it.

I took a different router down there (router #2) and plugged it in temporarily, until I could get a new, better one.  I bought a new one (router #3).  New issue: the router randomly drops the entire network.  So I plug router #2 back in.  This one seems to drop the external network randomly like router #1 did.  I can still see my network, but I can't get out.  Stranger still, I can get into my network from the outside.  It's like the router is losing all of the DNS server information.

I buy another Linksys (router #4).  This one reboots randomly.  Again, I go back to router #2.  No new issues, just the same old ones.  I don't think there's an issue with my hardware, although it's possible.  I think somebody's attacking my network, and something about the attack is doing this nasty business.

I took back router #4, and just today I bought a new network card.  This time, I'm going to build my own router.  I want to capture as much log info as I can about the issue, if it still persists after I do this, and maybe even shut down the attacks, if that's what is causing the problem in the first place.

To do this, I have a Linux box in my basement, running headless, that's very stable.  It's been running for years now.  I mean, this thing has been running since before I met my wife.  I've been using it as a file server, SVN server, web server, SSH server, Icecast server, TiVo home media server, DHCP server, local mail aggregator and server, and who knows what else.  It might even be lowering my cholesterol or car insurance!  And now I'm about to turn it into my new router and firewall.

About a year ago though, I decided that I wanted to upgrade some of the server software running on my Linux box.  I run Debian Linux, and the release I was using was Sarge I believe (version 3).  It took me a while to figure out how to upgrade, but I figured I wouldn't be disappointed.  It was HORRIBLE!

Once I finally figured out how to do it, it upgraded my kernel on me.  When I did that, it didn't have IDE hardware compiled into the kernel, so it wouldn't recognize my hard drive anymore.  I should also add at this point that the hardware is an AMD Duron 950MHz processor with a couple of IDE hard drives in it.  When I say I run it headless, the only time I plug a monitor into it is when it doesn't seem to boot back up.  That happened after the kernel upgrade.

I then had to boot up with a rescue disc (Trinity Rescue) and build a new kernel using the crappiest console interface possible.  I successfully got it back up and running though, and it's been rock-solid ever since.

I tell this back story because now, I have to do it again.  I'm afraid.  Like really afraid.  I hate the process, and I wish that it could be smooth and easy, but I suspect I'm going to run into the same issue.

The reason I have to upgrade to Lenny (version 5) now is because Etch (version 4) is no longer supported.  I want to look for and possibly use some routing/firewall apps to help lock down my network.  I want to make sure I've got the latest, most secure crap running on this thing possible.  I'm mad as hell, and I'm not going to take it anymore.

I'm approaching my upgrade the same way that my wife approaches any problem: Google.  Google.com is your friend.  The first link I found is perfect really.

I started by first putting in the new network card.  That's the first new piece of hardware to be installed in the Linux box in several years.  The only other new hardware was an additional hard drive.  The machine booted up without issue after installing the card.

Next I updated APT.  I started getting GPG errors when I tried to update the package cache.  I apparently needed some GPG keys, so I installed any keyring package that had the word Debian in it until my error went away.  The APT package cache is now updated.

Now, I'm about to install the dist-upgrade APT package.  That's where I'm going to leave off for now.  The box IS my DHCP server, and if it goes down, so does the connection to my network from this laptop.

Stay tuned for Linux Upgrade Time Part 2: Rising from the Ashes.
