Visit the Linux Users Group I helped start at www.rock.lug.net!
I thought this would be a good place to put some geek-oriented info about my
recent experiences with Linux. I started messing around with Linux not
because I'm a Microsoft basher, but because we needed a dedicated server and
just couldn't afford a full blown NT server with all the software trimmings.
I'm also very unhappy with Microsoft's licensing tactics, but that's
another matter.
Anyway, I had an old computer lying around the
house, so I figured I'd stick a network card in it and see what I could make it
do. I decided that I'd better try to learn how to set up a simple Linux
fileserver before I plunked down money for a new system. After some hard-fought battles learning how to set the system up, I
have to say that I'm impressed with Linux.
Consider this: That old computer,
which was our only server for a while, was an AMD K6II 266 with 32 megs of RAM. It
was acting as a file server for our little network of 5 users (handling all of our
accounting data as well as a couple of Access databases), it was running our
mail server, our web server, and providing a base for network time synchronization. It also
performed automated daily backups of all the data files stored on it and ran an
occasional private FTP server. The most impressive thing though, is that
all of this was done with FREE software, and was a much more stable system
than my more powerful NT4 box was handling fileserver chores alone.
These days, I'm running several Linux
servers and I've split the load on them to provide better security and
performance. I've tossed our old Netgear firewall / router and
replaced it with a Linux system which gives me much better control. Our
file server is a single dedicated system and so is our web and mail
server. I'm also moving away from Redhat
completely and going to Debian.

Linux does have a pretty steep learning
curve, though. You can't just point and click your way to success.
So, here's a little bit of what I've learned:
Usernames & Passwords
I learned this the hard way while I was
setting up Sendmail. Here's the deal: usernames should be all lowercase
and preferably 8 characters or less. Sendmail seems to choke on usernames
with capitalized letters in them. Samba also has a problem with
capitalized usernames. Usernames should be the same throughout the system
too. That means that each Windows login name needs to be "user",
not "User".
Samba 
RedHat 7.1 came with Samba version 2.0.7,
but I found that our accounting application (Businessworks) would not work with
it. I upgraded to Samba 2.2.1a though, and all my problems went away.
Take a look at my smb.conf for an example.
GUI or no GUI?
If you're building a server, why not just
forget the GUI? For me, this was a non-issue really because I didn't have
enough memory to run the X-Window system (RedHat recommends 64 megs). You
don't really need a GUI on a server anyway. Instead of that, just use
SWAT, Webmin, and Midnight
Commander. Both SWAT (comes with Samba) and Webmin can be run
across the network (from your comfy Windows box) to do all sorts of
administration tasks. Midnight Commander is a console based file management
utility that includes a text editor and lots of other stuff (you run this at the
server). These utilities make it fairly easy for Linux
newbies like me to twiddle around with settings and files without having to
remember lots of cryptic commands.
Building a router from a pile of trash and a floppy
I had cable internet service at home, so
what I needed was a router to share the connection to multiple computers (at
work we had a hardware router, a Netgear
RO318). OK, so I had an old
network hub, a really old computer, and a couple of network cards.
Problem was, the only hard disk I had was only 525 megs. Enter Freesco.
This is a "pocket" Linux distribution that is built for one purpose:
to act as a router. Believe it or not, the entire operating system can be run
from a floppy disk! I installed it on the hard disk anyway, and since the
system includes a DHCP server, I can plug any computer with a network card into
my hub and have instant cable internet access. Kewl.
I've now moved away from using Freesco and I'm sort of switching between 2
things: LEAF-Bering
and Mandrake-MNF.
The LEAF-Bering distro is very minimalist, works well for underpowered machines,
and like Freesco, can be run from a single floppy. LEAF-Bering is harder
to set up, but much more configurable than Freesco. Mandrake-MNF is really
the nicest and most professional firewall system that I've seen. It has a
very nice web-based configuration system, and includes things like intrusion
detection, access control, Virtual Private Networking, and monitoring right out
of the box.
Building a Firewall
OK, so
nothing in Linux is really "easy", no matter what people tell you, but
this comes pretty close. Instead of trying to become a firewall guru and
write your own script, try out Shoreline
Firewall. This is a free iptables-based
firewall that does everything, including masquerading, stateful packet
inspection, traffic shaping, and other stuff that I don't care to
understand. All you've got to do is edit a few configuration files to suit
your needs. It works in a wide variety of applications and it's available
as an RPM package too, so it's easy to install. This is a very well
documented application, and they even have a mailing list where questions get
answered very quickly.
After
installing Shorewall on my system, I
tried a few web based port scanners such as the ones at DSL
Reports, Sygate Online Services,
and Gibson Research. None
of these scanners could even detect that I or my router was there at all, even
though I was initiating the scans from behind the firewall. Every
port just shows up as "Stealth" or "Blocked". This is
a good thing. Get rid of your old script and install Shorewall.
You'll sleep better at night, I promise.
Running a DNS caching nameserver
My nifty
Linux router, based on RedHat 7.2 was doing fine, but how could I make it
better? What if I run my own caching nameserver so that DNS queries from
the local network don't have to go all the way thru my router, to my ISP's DNS
server, and back again? Well, I guess RedHat already thought of this, cuz
basically all you've got to do is install bind, bind-utils,
and caching-nameserver and you're pretty much done. Works
great, only one problem though, I kept getting "lame-server" log
messages (lots of them). Turns out that those messages don't mean anything
really (nothing you can do anything about anyway), but they were filling up my
logs fast. How do you get rid of them? Here's the trick, put these
lines at the end of your /etc/named.conf exactly like this:
logging {
    category lame-servers { null; };
};
Yes, each
curly brace and semicolon is important, so don't leave anything out, or it won't
work. Of course, you'll need to restart named or reboot for
this to take effect. By the way, why is it called "bind" when
the service is called "named"? Who knows. You can also
change the "lame-server" log setting with Webmin,
which is even more simple. I can't begin to tell you how many times that
program has made Linux easier for me.
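An added example, not part of the original page: a shell function that appends the logging block above only when named.conf has no logging statement yet, keeps a backup, and restores it if the syntax check fails. The function name, return codes and the CHECKCONF variable are this example's own; named-checkconf is the syntax checker that ships with BIND 9.

```shell
#!/bin/sh
# Added example, not from the original page. The function name, return
# codes and CHECKCONF variable are this example's own choices.
#
# suppress_lame_servers CONF
#   0  block appended, or lame-servers already configured
#   1  CONF unreadable or backup failed
#   2  a logging statement already exists: merge the category by hand
#   3  syntax check failed, CONF restored from CONF.bak
suppress_lame_servers() {
    conf=$1
    checker=${CHECKCONF:-named-checkconf}   # BIND 9 syntax checker
    [ -r "$conf" ] || return 1

    # Drop // and # comments so commented-out samples do not match.
    # (/* ... */ comments are not stripped.)
    body=$(sed -e 's://.*$::' -e 's:#.*$::' "$conf")

    if printf '%s\n' "$body" | grep -Eq 'category[[:space:]]+lame-servers'; then
        return 0
    fi
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*logging([[:space:]]|\{|$)'; then
        return 2
    fi

    cp -p "$conf" "$conf.bak" || return 1
    cat >> "$conf" <<'EOF'

logging {
    category lame-servers { null; };
};
EOF

    # Validate before restarting named; skipped if the checker is absent.
    if command -v "$checker" >/dev/null 2>&1; then
        if ! "$checker" "$conf"; then
            cp -p "$conf.bak" "$conf"
            return 3
        fi
    fi
    return 0
}

# Usage: sh this-script.sh /etc/named.conf
if [ $# -gt 0 ]; then
    suppress_lame_servers "$1"
fi
```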
Changing the system font
Have you
noticed that the default font (at least with RedHat) is too big? It seems
like no matter what you do, the screen just isn't big enough to display it
all. OK, so how do you set the system font? First, look in /lib/kbd/consolefonts
to see what fonts are available, and try a few of them out using the command:
consolechars -f fontname
Be sure
to check out "gr737-9x16-medieval" if you have it. Anyway, once
you find one you like (which is hopefully smaller than the default), edit the
following line in /etc/sysconfig/i18n like this:
SYSFONT="fontname"
This will
make the change permanent, and you'll see the screen font change as the system
boots up. Now you should be able to see much more text on the screen if
you picked a smaller font. I'm kinda partial to "lat1u-10"
myself, but that's just me. Of course, there's probably about 19,437 other
ways to do this, but this is quick and easy.
Linux has turned me into some sort
of demented computer junk man. Since Linux can transform even the lowliest
of hardware into something useful, I find myself ever on the lookout for old
stuff that people are about to trash because it won't run the latest version of
Windows. Every time I see an old computer somewhere, I'm thinking to
myself, "I can make a server out of that". I don't think I'll be
happy until I have a Beowulf cluster of
about 20 assorted piles of junk cranking out computations for SETI.
Somebody stop me.
Well, that's all I have time for
now. If you have any questions, just email
me. More to come!