Many small businesses are becoming interested in Internet connectivity, but they are unwilling (or unable) to fork over the cash for the necessary hardware. With routers costing close to $2000 and bandwidth as expensive as it is, there doesn't seem to be a viable method of putting small networks on the Internet. However, that depends on what you need—high bandwidth is not required for basic services, like e-mail, and Linux provides a very inexpensive alternative to high-cost commercial servers and routers.
About six months ago, I was sitting around drinking beer with Rob, a graphic artist friend of mine. He was complaining about the lack of connectivity at his office and trying to figure out how to get at least e-mail at work. His network consisted of Apple PowerMacs, Quadras, and Performas connected via Ethernet and speaking Appletalk, Apple's networking protocol.
A bell in my head went off, and I set about building a Linux box that would solve his problems. I went out the next weekend and bought a used 386DX25 with 4MB of RAM, a 340MB hard drive, and an NE2000 ethernet card for $600. Add to that a 28.8 modem for another $200, and the frame for “maceater” was born. I screwed everything together, and fired it up with DOS to make sure the hardware would actually function. Finding no problems, I repartitioned the drive and built a lean, mean, 1.2.13 a.out Slackware-based system with IP_FORWARD turned on.
Everything that wasn't needed for networking, system administration, and basic user functions I left out. The resulting system used very little space, leaving plenty of space for user directories, swap, and building new programs.
After some hacking with the PBX, I got the phone line hooked up and a PPP link established with our ISP (from whom we had purchased a dedicated phone line). Our domain had been registered, and we had a full class C to start assigning IPs. I gave Rob a crash course in Unix, DNS, and pico, and we were off. Several users had requested dial-in PPP, so we started assigning office workstations one end of the IP range and off-site workstations to the other.
We had to install MacTCP on all the machines and reconfigure them to speak TCP to each other (and to “maceater”, the Linux box). Setting up the Macs was fairly easy, and despite the tendency of MacTCP (and its newer sibling “Open Transport”) to puke all over System 7.5.3 at random intervals, we had everything routing internally in about four hours. We could ping all the Macs from maceater, and all the Macs could telnet into the Linux box. A word of warning: make sure you apply all the patches from Apple for MacTCP and Open Transport, as they have a number of potentially nasty bugs in them.
As we were fighting with the Macs, the topic of disk space (and the lack thereof on the Macs) came up. Another bell went off in my head, and I grabbed the source for Netatalk, a package for Unix boxes that allows them to speak Appletalk and perform a number of services, including printing from a Unix machine to an Appletalk-connected printer, printing from a Mac to a Unix printer, and accessing Unix file systems from a Mac. (Netatalk is available at www.umich.edu/~rsug/netatalk.)
Netatalk works best with a newer kernel, so I built a 1.3.74 kernel (the latest kernel available at the time of the installation) with Appletalk enabled and IP forwarding on. I started to compile Netatalk and left for dinner. Three hours later (it's a 386, remember), I installed the binaries, and fired up afsd, the apple file system daemon. After reading some of the docs and setting up a mountable volume, I re-opened the Chooser on one of the Macs and presto! There was an entry for Linux sitting amongst the other Macs. Clicking on “Linux” opened up a folder that contained /usr/local/bin, the volume that I had mounted, looking like any regular Mac folder. I copied some files back and forth, and since nothing was corrupted, declared it a success—and much easier than using something like Fetch to move files around.
It took about a full weekend of work, mostly because compiling anything on a 386 is painfully slow. We did as much remote compiling on my workstation at work (a DX4-100) as we could, transferring the resulting binaries over to the maceater.
Thus far, maceater performs the following major functions:
1. Runs sendmail for hlm.com (version 8.7.5)
2. Functions as a pop-mail server for ~20 workstations
3. Provides the primary nameservice for hlm.com (bind, version 4.9.3)
4. Runs an experimental web server (Apache 1.0.0)
5. Provides one line of dial-in PPP or shell access for employees (PPP 2.0.0e)
6. Routes packets for the entire network
7. Serves as an FTP site
8. Acts as an native Appletalk fileserver (Netatalk version 1.3.3b2)
As of this writing, maceater has been up for 82 days, during which we have compiled and upgraded sendmail, bind, and pppd. Load averages about 0.5, depending on how many people are running shells.
All in all, the hardware for maceater cost us about $800 and a weekend to get it running smoothly, although much of that was fighting with MacTCP and ironing out problems with our ISP. Hardly anyone in the office knows the Internet gateway/fileserver for their beloved Macs is an old clunky-looking PC sitting on the shelf in their supplies closet and was built in a weekend from spare parts. If only they knew...
Jonathan Gross is Editor of WEBsmith magazine and likes to infiltrate Windows and Macintosh networks with Linux boxes in his “spare” time.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide