Linux Upgrade Time Part 3: End Game

by Aaron 28. August 2010 10:25

The end is nigh!  Or whatever.

I have successfully turned my Linux box into a router.  It was full of trial and error, but I managed to accomplish the task.

The first thing I learned, once I grabbed the firewall script from aboutdebian.com, was that I had to rebuild the kernel with additional modules.  It was a lot of searching through the menuconfig to find all of the proper modules, but I managed to do it.

I knew that I had everything installed in the kernel properly when I did a test run on the script, and my SSH connection froze after one of the startup messages.  So, I had to wander to the basement, turn on the monitor that I have conveniently left connected to the server, and reboot the box.  Unfortunately, I'm not sure what process(es) I have to kill to just stop the firewall features.

The next step was to get the network adapters working.  This took some effort.  I managed to drop the Linux box from the network several times.  Each time I had to go to the basement, undo what I did, and come back upstairs.  I got tired of that, so this morning, I simply sat on the floor in the basement, kept a laptop beside me that was hardwired into the internal interface, and used it to test after each trial and error change.

During all of this, I configured everything the way I thought it was supposed to be configured.  I finally figured out what I was doing wrong, again through trial and error, not because I knew it.  I just decided to "try it."  The internal interface can't be on the same IP subnet as the external interface.  Sounds like something that maybe I should have known, or assumed.  Neither was the case.  Both the external and internal interfaces were on 192.168.0.0.  Once I changed the internal interface to the subnet 192.168.1.0, I was able to again browse the web from the Linux box itself.
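
The subnet clash described above can be caught before touching the live box. The following is an added example, not part of the original post: it parses output in the `ip -o -4 addr show` format and flags interfaces whose connected subnets overlap. The /24 masks, the host addresses and the name eth0 for the external interface are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample in the format printed by `ip -o -4 addr show`.
# eth0 (external) is an assumed name; the post only names eth1 (internal).
# The /24 masks and host addresses are assumptions as well.
BROKEN = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
"""
# Same box after moving the internal interface to 192.168.1.0.
FIXED = BROKEN.replace("192.168.0.1/24 brd 192.168.0.255",
                       "192.168.1.1/24 brd 192.168.1.255")


def parse_addrs(text):
    """Return [(ifname, IPv4Interface)] for every non-loopback address."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        ifname = fields[1]
        iface = ipaddress.ip_interface(fields[fields.index("inet") + 1])
        if not iface.ip.is_loopback:
            out.append((ifname, iface))
    return out


def subnet_conflicts(text):
    """Pairs of different interfaces whose connected subnets overlap."""
    conflicts = []
    for (n1, a1), (n2, a2) in combinations(parse_addrs(text), 2):
        # overlaps() also catches a smaller subnet nested inside a larger one.
        if n1 != n2 and a1.network.overlaps(a2.network):
            conflicts.append((n1, str(a1.network), n2, str(a2.network)))
    return conflicts


if __name__ == "__main__":
    for label, sample in (("before", BROKEN), ("after", FIXED)):
        hits = subnet_conflicts(sample)
        print(label, "->", hits or "no overlapping subnets")
```
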

The next thing I did was make sure that I could connect to the web through the Linux box from within the office.  If you refer back to a diagram in my last post, I had my Linux box (pictured as Joaquin Phoenix) acting as a router for my home office.  I was able to connect to the internet from the office.

Next I needed to make sure that DHCP was still working properly.  This is where I ran into a slight snag.  I configured the DHCP daemon to respond to requests only on eth1 (the internal interface), but I needed a DNS server to use.  Since my Belkin router was being replaced, and the network information it served up set itself as the DNS server, it made sense for me to do the same.  Unfortunately, my Linux box was failing as a DNS server.

It was a simple fix to simply install bind9.  I didn't have to do any configuration, I simply had to install it, and the package just worked.

The final test was making sure that I could connect to work by VPN.  Again, no problem.

Finally, this evening I did some last minute reconfiguration, swapped out the router, made a minor config change to DHCP that I overlooked just before making the switch, and voilà!  We have routing!

The first thing I did when I was sure it was working was go to Speedtest.net.  I can tell that my network connection is slower.  Since it's so noticeable, I was hoping it was a fluke, but it's not.  I'm getting about a third of the speed that I was getting before.  I'm not pleased by this, but I'm going to compare my router choice to Verizon versus AT&T: if I can have a reliable, stable connection, I'll take it over the faster network any day.  Something seems to be flaky with Speedtest.net right now, so maybe it's not just me.

I will be investigating ways that I can speed up the network connectivity.  Maybe swap out my 10/100 cards for gigabit cards.  Maybe the higher throughput will help.  Who knows.  If only there was some place that I could search for information and only get results that are relevant to what I'm looking for.  And if that information was publicly available through some non-paper form where I could quickly peruse it and decide if it's useful or not.  I wonder what they would call that...

The other thing I need to do is configure the firewall script to do some port forwarding.  Other than that, I'll simply be watching for any network outages.  I hope this resolves my outages for me.  It's possible that I just have horrible luck with routers, and that this was all very unnecessary.  I just have a lot of trouble believing that four routers, at least one of which was totally fine prior to making it my firewall, were all bad.

Wish me luck and hope that I don't have to start a new trilogy of router upgrading.  I may be able to post some information that I find and utilize for speeding up my "new" router.
