It's great to once again be working full time with Linux. One of the current projects on my plate is the setup of a Linux-based firewall box for the office. Accordingly, we're starting another short series in the GnomeTWEAK section today on - you guessed it - Linux-based firewall boxes. You don't have to be a sys admin to be able to put it to use, either. If you're thinking of setting up a home network, the series might just provide you with a cost-effective way to secure the machines in your network. The filtering, forwarding, masquerading, and monitoring capabilities of Linux are unsurpassed. And it really doesn't take all that much knowledge or effort to set up an effective firewall with an old castoff box. I just get the fun of passing along the process to you as I implement it at work. I've also been testing and playing with several available open source tools to streamline processes at work. Over the past few weeks, I've built a PHP/MySQL application for tracking parts vendors. Knowing where I wanted to head with this was crucial. I've been able to keep the design open enough to now add both purchased and manufactured parts used in our telescopes, as well as pricing and ordering details. I'll be tying these into the database over the next few weeks. At the end of this phase, we'll be able to find all the parts necessary for a particular telescope model as well as vendors and order information. All that from a simple web page query. I've also been researching and testing software for bug tracking, customer support and customer forums. For the forums, I've landed on a great package by Iowan Tony Bibbs, Geeklog. I've used it in other circumstances and have always been impressed with its configurability and features. We're beta testing the forum with some valued customers and expect to roll out forums for both professional and amateur astronomers within the next few months.
It's one of those incredible elements of the open source world - the abundance of available software. I've found several bug tracking and customer support packages that will perfectly suit our needs. It almost comes down to which one I can make look better, as all have the features we're looking for. Believe me - if I don't have to reinvent the wheel, I don't. When others have already solved the problem, I'm perfectly happy to put their solution in place for my own. The hardcore Linux work will be interrupted for a few weeks, though, by the assembly cycle for a telescope destined for the Calar Alto Observatories in Southern Spain. This is an 800 cm telescope. That's a primary mirror roughly 31" across. Shortly after the holidays, I'll dive back into Linux full time to configure the 'scope software and begin indoor and sky testing. From the beginning of assembly on, this telescope is really my baby. I'll twist the wrenches, install the electronics, configure the system, conduct the testing, and accompany the telescope to Spain for installation in late January or early February. Don't let me give you the wrong impression, though. These processes will reflect the joint efforts of a fun and talented team of ten people. I just get to take the lead from assembly through installation. Some of that team nearly took the next leap in modern company communication today. We had a planning meeting to sketch through the details and schedule all the tasks of the remaining work on the Spanish telescope. One of our team jokingly suggested that we take the meeting out to a coffee house in Iowa City. That really struck me as a great idea, especially given that I'd just been reading about that exact approach to meetings on the Web a few days ago. My only personal requirements for moving the meeting off site were a) good coffee and b) a wireless connection for the Zaurus. The latter would allow me to connect to the machine at work to update the project schedule as we worked through it. 
Alas, Iowa City is very thin for coffee shops with wireless access. Even the Starbucks tucked inside the Barnes and Noble store at the Coral Ridge Mall is without any 'Net access at all. After a half-dozen calls, I gave up. We ended up having the meeting in the office, but I'll dig up someplace that suits the tech needs soon, even if it means dropping a PCMCIA modem into the CF slot on the Zaurus. One more quick note: help.lockergnome.com. Need I really say more? The Linux forum is filling up with great insight, experience and advice. I'm still just a Junior Member based on posts, but it's my goal to raise that status in the next month or so - around family and work and travel and Penguin Shell and ... Have a great Wednesday.
Firewall Boxes

One of the projects I've taken on at work is to set up a Linux firewall box. This is a box that will sit between a router and the internal network, monitoring and controlling the traffic that passes to and from the 'net to the machines in our shop. As I was diagramming the network today, I thought, "What the heck, this would make a great Penguin Shell series." So, we're off on another quick series. This time, we'll talk about tweaking an inexpensive Linux machine to protect your internal network. The requirements for a Linux firewall box are very minimal. The key element, of course, is a computer. This can be an older or castoff machine with minimal memory, CPU and storage, as it will be dedicated to a single task. I'm fortunate to have the University of Iowa Surplus store within a ten-minute drive from the shop. The University regularly replaces computers, sending the old machines to the surplus shop to sell at what amounts to 100% profit. I can pick up a machine perfectly suited to firewalling for less than $75 on any given week. If you've got a used computer shop nearby, make a visit. The requirements for a firewall box are so minimal that I have no doubt you'll find one perfectly suited and at the right price. Whatever machine you end up with will require at least two network cards. With the first card, you'll connect to the Internet via your ISP connection. This is the Wide Area Network, or WAN, card. The second will serve to create the internal network. This is the Local Area Network, or LAN, card. The IP addresses will be assigned and internal traffic controlled by a hub or switch. You won't need a full-blown router, as the firewall box will, in effect, serve this function. In the case of the machine I'm setting up, it will have three network cards: the two I've already mentioned and one that will connect directly to a switch on the test bench in our assembly shop.

That third connection gives me the ability to add and remove machines at will outside the firewall. We need that capability in order to test the telescopes remotely. You've already gotten a sense of the scheme of things for this firewall box. Internal users will be routed to the Internet via the LAN. External users will be unable to see anything beyond the single IP address provided on the WAN interface of the machine. The firewall machine will have no X Window and, except for the setup, will have no monitor or keyboard. This headless machine will be administered remotely from my desk using a secure shell (ssh). In other words, even the install on the machine will be minimal. Fundamentally, it will contain a kernel customized for security, Ethernet drivers and some basic administration tools. Truth is, the machine will barely require a hard drive. We're going minimalist to provide a big service. Tomorrow, we'll start at the real beginning: picking a distro to install on your firewall machine.
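To make the two-card layout concrete, here is an added example (not the author's configuration, which the series has not reached yet) of a minimal netfilter ruleset for that box on a 2.4 kernel with iptables: internal machines are masqueraded behind the WAN address, nothing unsolicited is accepted or forwarded from the WAN, inbound WAN packets that get dropped are logged, and ssh is reachable only from the LAN card. The interface names eth0 (WAN), eth1 (LAN) and the subnet 192.168.1.0/24 are assumptions; the third test-bench card is left out.

```shell
#!/bin/sh
# Added example (not the article's configuration): netfilter rules for the
# two-card firewall box described above, on a 2.4 kernel with iptables.
# Assumed names: eth0 = WAN card, eth1 = LAN card, LAN subnet 192.168.1.0/24.
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24

# Print the rules, one iptables argument list per line, without applying them.
fw_rules() {
    cat <<EOF
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-F
-t nat -F
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $WAN -j LOG --log-prefix FW-WAN-DROP:
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
-t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Count the rules appended to one chain; a quick sanity check before applying.
fw_count() {
    fw_rules | grep -c -- "-A $1 "
}

# Turn on forwarding and feed every line to iptables (run as root on the box).
fw_apply() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    fw_rules | while read -r rule; do
        # word splitting of $rule is intended: each line is one argument list
        iptables $rule || echo "failed: iptables $rule" >&2
    done
}

case "${1:-}" in
    apply) fw_apply ;;
    *)     fw_rules ;;
esac
```

Run it with no arguments to review the rules, and as root with `apply` to load them; the dropped-WAN log lines show up in the kernel log with the FW-WAN-DROP: prefix.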
There's a major revision underway in Linux. That should come as no surprise, as our favorite OS is always under revision and improvement. This revision, though, represents a fundamental change in how devices are seen and handled in Linux. The current device filesystem is a bit complex. As we've noted in previous Penguin Shell issues, device files (like /proc files) really represent an abstraction of the devices themselves. Using a filesystem model creates an intermediary between user space and the hardware. In other words, when you see /dev/hda1 (the first partition [1] on the first IDE hard drive [hd] on the primary IDE controller [a]) on your system, you're really seeing a summary of the characteristics and physical location of the drive, as well as some information about what's needed to make that drive work.

Under the current /dev system, devices also use major and minor numbers. The major number communicates directly with the kernel and tells it what type of device this is. For example, /dev/hda1 has a major number of 3. This tells the kernel that /dev/hda1 is a block device - one that caches writes up to a pre-determined size, then writes that cache (or buffer) to the device. The minor number, on the other hand, doesn't communicate directly with the kernel. Instead, it communicates with the device driver itself. This prevents conflicts when using devices of the same type on different ports. tty devices, for example, are serial devices. So, in fact, are virtual consoles. They both use a tty driver. The minor number instructs the driver as to which piece of tty hardware to interact with. devfs strives to eliminate this rather antiquated way of handling devices in Linux. Most current distributions offer devfs as an option but none, to my knowledge, implement it by default. The current system creates nearly all possible device files, with major and minor numbers, by default. This swells the /dev directory to almost unsearchable proportions.

devfs, on the other hand, creates device files using readable names [e.g., /dev/floppy] as they're needed rather than as a blanket process. In other words, when a driver is loaded, it creates its own /dev/whatever file using human-readable language. This is a diametrically different approach from the current scheme, where the /dev files already exist, waiting for any driver that may or may not exist on the system. For the end user, devfs will mean readable device files and nearly transparent device loading. It will also mean a substantial reduction in the number of files in the /dev directory. If you're running a 2.4.x kernel, devfs is already available to you, though you'll need to recompile the kernel in order to make the transition. Constant change and improvement. If one thing stays the same, it's the fact that Linux continues to change for the better.
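To show what the minor number actually carries for the /dev/hda1 case above, here is an added example (not from the article) that decodes a 2.4-era IDE disk node the way the driver does. The mapping is assumed from the kernel's device list: major 3 is the primary IDE controller (hda, hdb), major 22 the secondary (hdc, hdd), and the minor is 64 times the drive's position on its controller plus the partition number, with partition 0 meaning the whole disk. `node_info` reads the real numbers from a device file and assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the article): decode the major/minor numbers of a
# 2.4-era IDE disk node the way the driver does. Assumed from the kernel's
# device list: major 3 = primary IDE controller (hda, hdb), major 22 =
# secondary (hdc, hdd); minor = 64 * unit + partition, partition 0 = whole disk.

# ide_name MAJOR MINOR -> prints e.g. "hda1"; returns 1 for non-IDE majors
ide_name() {
    major=$1; minor=$2
    case "$major" in
        3)  first=0 ;;   # units 0 and 1 are hda and hdb
        22) first=2 ;;   # units 2 and 3 are hdc and hdd
        *)  return 1 ;;
    esac
    unit=$((first + minor / 64))
    part=$((minor % 64))
    [ "$unit" -le $((first + 1)) ] || return 1   # only two drives per controller
    letter=$(printf 'abcd' | cut -c $((unit + 1)))
    if [ "$part" -eq 0 ]; then
        printf 'hd%s\n' "$letter"
    else
        printf 'hd%s%s\n' "$letter" "$part"
    fi
}

# node_info PATH -> "block|char major=M minor=N [(name)]" for a real device
# file; uses GNU stat (assumed present), which prints the numbers in hex.
node_info() {
    info=$(stat -c '%F:%t:%T' "$1") || return 1
    kind=${info%%:*}
    rest=${info#*:}
    major=$((0x${rest%%:*}))
    minor=$((0x${rest#*:}))
    case "$kind" in
        "block special file")     dtype=block ;;
        "character special file") dtype=char ;;
        *) echo "$1: not a device node" >&2; return 1 ;;
    esac
    printf '%s major=%d minor=%d' "$dtype" "$major" "$minor"
    if [ "$dtype" = block ]; then
        name=$(ide_name "$major" "$minor") && printf ' (%s)' "$name"
    fi
    echo
}

for p in "$@"; do node_info "$p"; done
```

Pass one or more /dev paths on the command line to see each node's type and numbers; `ls -l /dev/hda1` shows the same major and minor in the columns where a regular file shows its size.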
DashPC

"The DashPC car multimedia system is a UI for automobile multimedia implemented in Linux. It provides a comprehensive interface for MP3, DVD, and CD playback, a radio card interface, and GPS navigation. It features an easy-to-use interface and a modular design. Its functionality is configurable and the system is expandable with the use of plug-ins, which currently include plug-ins for controlling video4linux supported radio cards, viewing images, and running external commands."
Losing Yet More Weight

"Another lightweight window manager is Fluxbox. It's based on Blackbox code, with some improvements such as an iconbar for minimized apps, tab grouping, and anti-aliased text. It can also use Blackbox themes. Anti-aliasing support must be specified at compile time, and fluxbox started with fluxbox -anti alias.

"As for lightweight browsers, Opera and Phoenix. I've become quite a fan of Phoenix lately; it's fast, and has support for themes and some Mozilla extensions. It also uses widgets from the current GTK theme, such as buttons and scrollbars. You can also add more sites to the search bar here."
LinuxGames

LinuxGames is the place to find great entertainment in Linux. This is a full-out, no-holds-barred gaming site, dedicated completely to the Linux world. The site contains information and discussion about all sorts of Linux games. It also includes HowTos ranging from LAN parties to StarCraft and Ultima. There's also a full selection of well-written articles about specific Linux games and gaming in general. All in all, this should be a permanent bookmark for anyone interested in Linux and games.
©2002, Lockergnome LLC. ISSN: 1095-3965. All Rights Reserved.