Monday, December 12, 2005
Moshe Bar is a systems engineer.administrator in Israel, managing some large UNIX establishments. This came as a letter, but clearly deserves a somewhat larger place. I'll link to it from a number of places.
Dear Dr. Pournelle
For those of your readers who have recently started using Linux and want to network it in their small office or home network, I have here a small report on how to set it up and and what pitfalls to avoid.
I recently was asked by my sister to set the five computers in her home on a more professional standing, since she recently lost important work because of lacking backups and because she was tired of moving diskettes around from her computers to her sons and her husbands.
Additionally, she wanted to use the one internet connection for the whole family, especially since her son, Ytzchak was insisting on getting connected, too. Also, local calls in Israel as well as ISP accounts are charged by the minute and quite expensively so.
I think this is a fairly common requirement nowadays, so let me describe the solution I provided them.
Since my sister, Adi, insists on using Word and Excel for her work at home, we had to keep her PII 200Mhz,4.3GB machine as it is. Same for her husbands P180MHz, 3GB. Ytzchak, my nephew however, wanted to have Win95 for games as well as Linux to try out on the same PII266Mhz, 9GB machine. Finally there were one unused P100Mhz,1.2GB and one P120Mhz with a broken usable disk, both running Win95.
So, I decided to make the unused P120 the family server running RedHat Linux
I configured Linux to run with the following services enabled: httpd (web server), innd (news server),ftp, telnet,audio server, SAMBA and firewall. I intentionally left out all routing deamons such as routed and gated. I also configured named to act as a caching-only server, getting its DNS resolution from the DNS top-level servers in the states. This would make the machine somewhat slower in the first few days of usage, because it would have to go to the States for every DNS look-up but it would soon stack its cache will all relevant DNS information that my sisters family usually requires. The configuration of a DNS caching-only server is a four-step process and I can send any of your readers the configuration files on request. Same goes for the SAMBA configuration files.
Then, I installed my sisters US Robotics Sportser 28800 modem to the serial port and configured the PPP scripts for access to the ISP of my sister.
Knowing that the first RS-232C port must either be /dev/cua0 or /dev/cua1 or /dev/cua2, all I had to do is start up the minicom terminal program in linux and try all three combinations to see under which one, I would get the ATZ init command to print an OK on the screen. Once I knew that /dev/cua1 is the actual port, I wrote the ppp connect script which I can send to anybody needing on request.
So far, so good. The machine dialed into the ISP and connected on first trial. Alas, I couldnt get it to ping nothing in the internet and I could also not telnet into my work machines. Curiously enough, if I did telnet to the specific IP address of my work computers it would get there without problems. Therefore a DNS problem must be the cause. I realized that I was still running on the first-ever boot of the newly resurrected machine and that therefore the named daemon was not notified to start doing some work. That was fixes by typing "ndc start" as root. Still connected to the ISP, I tried pingingwww.yahoo.com and after one or two seconds I got the reply from there. So far, so good, still.
I called that machine Rambam, after the great 12th century Rabbi, philospher and doctor. Rambam is connected to a 10/100 hub from a no-name Taiwanese OEM manufacturer with 8 ports, also a spare from myhome.The IP address of Rambam is 192.168.1.2 and its netmask (for the whole family network, too) is 255.255.255.0.
Next, I bought four 3Com 100mbit cards at the PC discount for something like 90$ each. Yes, I know it is expensive, but Israel is still in war-mode economy and we have taxes for about anything. I installed the cards on the two Windows95 machines of my sister and my brother-in-law, installed the drivers and the TCP/IP stack for that card, respectively.
The I told the TCP/IP configuration panel of Win95 (through the Network Control Panel) , that the default gateway is Rambam with IP 192.168.1.2 and that the DNS server is also Rambam with that same IP address. I assigned the the two machines 192.168.1.3 and 192.168.1.4 respectively. This steps need about three or four reboots to get it going, but in the end I could ping Rambam and I could see the public folders and the users folders in the Network Neighborhood panel. Since I also wanted NT-style network logins, I needed to make Rambam (remember it is a Linux machine) act as an NT PDC (Primary Domain Controller). The latest Samba version can do that, doo. Samba is for free and it runs on almost everything, including mainframe computers and small embedded systems.
I let Rambam dial into my work computer and from there downloaded Samba 1.0
for Linux in the handy RPM install-package format. After installing it and
re-starting the Samba deamons (a deamon is a sort of TSR for Unix) I had PDC-like behaviour
within the network. Rambam was still running on its initial boot, meanwhile. The third network card went into the PC of my nephew, but I configured the PC not to use Rambam for internet connections, after discussing with his parents. Instead, I installed the unused P100Mhz machine as a Linux box with all the appropriate software, and made that machine, called Rashi (after the great 15th century French Rabbi and Torah commentator) have a connection to the internet trough the home server, Rambam. I also installed a freeware X server on his Win95 machine to be able to display Rashis X windows. The reasoning behind this strategem was that first he would learn by himself how to connect the Win95 machine to the Internet. But, more importantly, if the connection was on the Linux machine, he would spend more time there and slowly learn more and more about Linux. I gave him also root priviliges on Rashi, knowing that he would sooner or later mess up that machine so bad that he would need to re-install everything, thereby increasing the learning effect.
Now, I only needed to make Rambam be also the printer server for both available printer a HP Laserjet 4L and an Epson stylus color printer. The HP Laserjet was installed and running under Samba in a few minutes. The Epson , I still havent figured out how to make it print in color, but it does print black and write.
Now, I only needed to supply the magic commands to make Rambam share that
one Internet link with the whole family. The commands
run as root do it. Now all outgoing connections are masked as one connection giving the ISP the impression that one very busy user is sending and receiveing IP packets. Once the ingoing connections arrive, Linux knows how to send them internally to the appropriate machine. As an additional bonus it also acts as a firewall. Guess what? Rambam was still running on its first-ever boot. And it still did for another 6 weeks after that.
It turns out that my nephew Ytzchak learned rather quickly how to configure his Win95 box to see the internet, too. But he is using Linux more and more, especially now that I installed a Basic compiler on his machine.
Finally, I needed to address the original problem of my sisters computing:
the backups. Since, the family was now putting all documents and non-easily
re-installable software on Rambam, the Linux file serfer, it made sense to
install a tape backup there. I had an old DLT tape driver at home, that nobody was using anymore and installed it on the SCSI chain of Rambam. That was last week-end. Now, I had to re-boot, there was no other choice.
Re-booting a Unix server still makes my pulse go faster, after more than 17
years of experience. And of course, Rambam didnt boot after power-on. It downed on me, that I had forgotten making a boot sector on the hard disk with LILO after finishing the Linux install some 6 weks earlier. Frantic searching for boot-diskette provided no immediate results. So, I was forced to make one at work. I installed the needed SCSI kernel on the diskette, put a LILO loader on it and configured it to look for the the 2nd partition on the disk, where the root directory is. Drove to my sister and started-up Rambam, under the unpatient eyes of the whole family (no Internet for 24 hours!). It came up nicely.
First thing, I wrote a LILO loader configuration file in /etc/lilo.conf and then ran "/sbin/lilo" as root. That installed the LILO loader on the boot sector of the hard disk. I checked it, and again Rambam came up nicely. It also recognized the tape drive in /dev/rmt/0n and I therefore added a script to the cron scheduler to do weekly backups of the user directories. From time to time, I plan to log-in to Rambam from my home or work and do a full backup, as well.
For this, I needed to configure Rambam also as a dial-in PPP server. Since Rambam is running without X windowing system, I couldnt use the utilities provided by linuxconf for this. But I have found a good manual on how to do that by hand inhttp://www.swcp.com/~jgentry/dialin2.html .
Thats it. The family network is running. It is printing, serving files, backing up, and sharing one internet connection to all users at home as well as securing it from outside intruders. The future things-to-do still are:
I have a set of all configuration scripts available on my website for those readers who need them. Please send me an email firstname.lastname@example.org to ask for it and I will reply with a link to the files. State family-network in the subject line and you will get an automated response.
The available scripts (all well documented) there are:
See Also his experiences in bringing in new equipment. Click here.