The e-smith server and gateway
That's a question I've asked on a number
of occasions when offering to set up an inexpensive Internet
gateway, mail server and firewall solution. Sometimes, the server
also serves up web pages. Linux is nothing if not flexible. Aside
from being an entirely feasible approach, the final product based
on this question never failed to impress the companies for whom I
created such a system.

Of course, somewhere in there, I had to install the system,
configure sendmail,
diald,
firewall rules, configure the
hardware, the network, the web server, the ... well, you get the
idea. When I heard about e-smith, it sounded like a dream
come true. A server of this type was one trouble-free
installation away. No messy configurations and a simple
point-and-click interface for administration. What could be
better?

The Package

The e-smith server and gateway came to me with a CD-ROM, boot
diskette and a spiral-bound manual. The manual is clear and opens
flat (which is nice), and the latest version is always available
from the e-smith web site. It's not a lot of information, but it
covers all the basics of installing and running an e-smith
gateway.

I love documentation, even if I don't always use it. So I
decided to go straight to my tests and skip what the manual had to
offer. After all, if it was that easy, why not jump right
in?

Installation

In the course of this review, I did two tests, one on a
notebook computer with a PCMCIA Ethernet card and modem, and the
second on a desktop server with one card and an external 56K
modem.

My first test system did not allow me to boot directly from
the CD, so I worked from the diskette instead. After a few seconds,
the welcome screen came up, complete with a message saying "this
installer program will convert this computer into a fully
functional e-smith server and gateway. It will then be ready to run
24 hours a day as a network server, and will no longer be available
to run other applications."

Hmm ... that's all right I guess. After all, we're setting up
a server and not a workstation.

Another warning says to make sure that your hardware
configuration is supported by e-smith. The list of supported
hardware is in the manual I wasn't reading and
also on the web site. I decided to push ahead. When you are ready,
type accept at the boot prompt and proceed with
the installation.

Next, we get to the "Installation Type" where you can select
a single hard disk configuration (or hardware RAID-1 mirroring), or
a dual hard disk configuration with software RAID-1 mirroring. Your
third option is to upgrade an existing gateway. I chose the first
option, tabbed over to the okay prompt and pressed Enter.

This is the first time I got into trouble. Seconds into the
install, a message came up that said "An error occurred
reading the partition table for the block device hda." I
thought that perhaps it was now time to check out those hardware
requirements they talked about earlier. I visited the web site and,
yes, it seems I have a valid hardware configuration (Pentium 150
with 1.4 Gigs of disk space and 64 Megs of RAM). Looks fine.

A little sleuthing pointed to a problem with my partition
table, just as the message had said. I use this notebook to test
lots of different things and, somehow, my previous installation of
Slackware may have suffered some weirdness, leaving the partition
table in a questionable state. One boot into single-user mode and
an fdisk later, and I was back on track.

Another reboot, another acceptance of terms and one final
warning. The message informed me that this "will" erase your whole
hard disk. It literally says "This is your LAST WARNING." No
problem, I am ready. I typed proceed as
instructed and my installation was under way.

Disks spin, the CD whirs (or makes some kind of swishing
noises), and a Red Hat-like text-based installation flashes across
my screen. There is no surprise here. After all, e-smith is based
on Red Hat's distribution.

With the installation completed and the system rebooted, I
came to my first configuration screen. It was time to choose a
password. Then, we started network configuration with domain and
host name setup. Unfortunately, this is where it got a tad more
complicated; e-smith failed to locate my Ethernet cards. I would
have to configure them manually. I can always get to root, after
all. Strange. The web site says the e-smith gateway pretty much
supports the standard Red Hat set of drivers, and I had run Red Hat
on this notebook. I pushed on.

There are two different modes of operation for e-smith:
Server and gateway (provides local services and access to the
Internet) and Server only (provides only local services). I chose
the first option which is also the default. The next step is to
choose the access mode. In other words, how will you connect to the
Internet? Since my internet connection was doing fine on its DSL
connection, I decided to choose the second option, a dial-up
configuration, as opposed to the dedicated option. This brought me
to a screen asking for my modem's serial port. I seemed to recall
that it was on ttyS2 (from previous
installations), but I wasn't sure. Personally, I think it would be
nice if the installation process did a little auto-checking for
you. Querying the serial ports is easy, and it would save the user
a great deal of effort.

Next, I was asked to enter the phone number of my ISP,
including the user name and password for the account.

This is followed by a selection of connect policies. Simply
put, how long do you want the connection to stay up once you have
it configured? Long connect times minimize dialing delays.
Unfortunately, there is no indication on this screen of what
constitutes long. By the way, you get to
decide these settings for different times; during business hours
(defined as 8:00 AM to 6:00 PM) and after business hours. There is
also a weekend policy. I took the defaults (assuming I could change
it later) and moved on.

One of the things I thought was pretty cool is e-smith's
offer to allow you to set up a subscription to a dynamic DNS
service (like yi.org or dyndns.org and others). I kept mine set to
"off".

The next setting is a DHCP setup; should the e-smith gateway
provide DHCP services? Personally, I find that in small, static
organizations (the same people are always at the same desks), DHCP
is more of a pain than not. I opted to override the default of "on"
and turned those services off.

Since I was not running a dynamic DNS, I then entered my DNS
address. Since I had no proxy server outside my local network, I
accepted the default of "no".

I found the next option a bit
uncomfortable. e-smith maintains statistics on
how long their gateways have been in continuous operation. If you
choose to accept this option, your gateway will send a message to
e-smith once per day, specifying your IP address and your uptime
and that, we are told, is all. Nevertheless, I don't even like the
idea of anybody monitoring my system unless they have a darn good
reason. Call me paranoid but I chose "No", which (to e-smith's
credit) is the default.

Another thing I found unsettling was the option to have the
e-smith gateway permanently logged in, automatically at every boot.
This is the default. I don't know about you, but if something is my
gateway or firewall, I want it sitting at a login prompt. I chose
to override the default of "auto" and, instead, stare at a nice
login prompt when the system boots. Take note, however, that the
administrator login is not "root", but "admin". You can log in as
root, but you do not get the administration menu.

The next screen allows you to choose IDE disk optimization.
For the curious, this is the
hdparm command talking here. The
default is to keep this disabled, recommended for older systems.
You are warned that while this may improve performance, there is a
risk. If you are concerned, accept the default.

Finally, e-smith asks for your e-mail address. When you run
the "Test Internet access" function, your e-mail address will be
sent to e-smith. Again, I don't know how I feel about this.
Actually, I do. Apparently, e-smith suspects that they know as
well. If you enter nothing here and simply hit Enter, no
information will be sent. Guess what I did?

All this information now gets written up in various
configuration files and at some point we are ready to go.

Problems on the Road to the Internet

I tried to use the gateway but to no avail. As it turns out,
PCMCIA devices are not supported (at least as part of the
installation), something that I failed to notice in the
documentation. I could load the PCMCIA package and try to configure
it manually. Instead, I decided the best approach would be to do
this again with the type of hardware it was intended to support.
So, I called a friend at a company I work with on a regular basis
and asked if he had a spare server. He did (thanks, Frank).

Try, Try Again

This time, my test system was a SCSI desktop system with an
external modem. The boot was automatic and did not require the
diskette. The installation was going very smoothly until I got to
the Ethernet card selection. Once again, my card, a Linksys
LNE100TX, was not selected although it used a standard Red Hat
tulip driver. No problem, I decided that I would not let that slow
me down. After all, I could manually add the card later. I finished
the configuration and rebooted. In my second experience, I was
rather pleased with how well things had worked and how fast.

Here's a quick tip. If you want to get to the command line,
log in as "root" and not "admin". After editing my
/etc/modules.conf file to load the tulip driver,
I discovered the supplied driver is out of date for the card I had
purchased. An internet connection would be nice at this point and,
as it turned out, I realized that my e-smith gateway was working
just fine with the dial-up connection. No trouble there. In fact,
it was downright slick. I used the
lynx browser to access the Linksys
web site in order to get the latest driver.

The excitement was building. I was almost there. I unpacked
the source, ran the install script and discovered that I had no C
compiler. Tech support informed me that they do not install the
compiler for security reasons, and I could accept that, but it
wasn't even on the disk. Finally I gave up, found an old ISA card,
plugged it in and was able to get the gateway up and running
perfectly with one last boot.

Tech Support

In some ways, having problems while doing a review is not
such a bad thing. You get to call tech support which gives you a
feel for how quickly your questions and concerns will be answered.
I am happy to report that not only did I not have to wait in a
queue, but the person I spoke with was knowledgeable, helpful and
open to the suggestions I made regarding the whole installation
process. Consequently, by the time you read this, the problems I
experienced may well have been solved.

Working with e-smith

I've spent a lot of time talking about the installation
because I wanted to convey the type of thing that can throw off a
turnkey installation like e-smith. Now that the system was up and
running, it was time to experience it from the customer's point of
view.

As I mentioned, the modem dialer (which uses diald) worked
flawlessly. I had some nice tests planned out
for this phase of the operation, with my notebook already
configured to take advantage of my e-smith gateway. The default
installation makes access to the Internet easy with all the
appropriate IP masquerading rules already in effect.

Security is a serious issue with e-smith and perhaps its
greatest strength. The server does not boot up with a dozen
services running and a dozen potential places for a cracker to get
in. Even SSH isn't activated by default. This is a very secure
system that nonetheless provides a number of services for its
internal users. One of the many things that e-smith's browser-based
administration interface does is allow you to modify (see Figure
1). This interface is one of e-smith's strengths. With it, a
non-technical administrator can oversee an installation and attend
to their users' needs.

Figure 1. Modification Interface

Through the web interface, you can also set up e-mail using
either individual accounts or a multidrop system using fetchmail.
Easy to configure, it worked flawlessly on my test (see Figure 2).
If you want to create and deploy your own web site, there's a menu
option for that as well. e-smith's dialog will take you through the
configuration for a "starter" web (Figure 3). For performance,
e-smith even comes with a Squid proxy pre-installed and ready to
go.

Figure 2. E-mail Test

Figure 3. Starter Web

Did I mention secure
services? Besides SSH for secure remote access, e-smith includes a
secure Apache web server and secure web-based e-mail as well.
Sticking with e-mail for a moment, e-smith also provides a network
directory with LDAP.

To round out this package, e-smith provides workgroup and
intranet tools with "i-bays", information sharing sites, document
repositories, file services that can be configured for local,
remote, shared or private access (see Figure 4). Once again,
easy to set up and use. When you configure a user through the
interface, each one magically gets their own file services area. I
won't spoil your adventure of discovery, but I will tell you that
these "i-bays" also provide ready access to the web site, making it
easy to do web design with your favorite HTML editor.

Figure 4. I-bays

The one qualm I have about the web interface is a minor one.
The bright orange "e-smith" banner on each page takes up an awful
lot of real estate on the screen. It could be trimmed without
affecting the functionality.

The Cost

e-smith is available directly from the company for $595 US
and includes a one year support subscription. This includes the
packaged software along with documentation, unlimited technical
support and regular updates (security updates, patches, etc) which
come out a few times during the course of the year and arrive on
CD-ROM.

The price is somewhat flexible depending on the type of
organization and the reseller. Different dealers will offer
additional or included services, and the price may vary. Check with
e-smith and ask them to put you in touch with a local
reseller.

You can also download a copy from e-smith's web site, but at
that point you are on your own.

Conclusion

All in all, e-smith is an excellent idea. It provides a neat,
packaged solution with a strong emphasis on security that is quite
admirable if not downright laudable. The web interface means you
can then turn the finished product over to your customers so they
can handle their own administration once the installation is
complete. Finally, the update service means you can let someone
else keep an eye on security fixes and updates.

In particular, I believe that this is an excellent product
for resellers or systems integrators. It provides them with an
easy-to-deploy and easy-to-administer solution. My experience with
the installation process confirmed that for me. Would I recommend
this for the home user? Probably not. Would I recommend it for
small- and medium-sized businesses that need an internet server and
firewall? Absolutely.

Resources

Boston:
e-smith, inc.
1050 Winter Street
Suite 1000
Waltham, MA 02451

Ottawa:
e-smith, inc.
150 Metcalfe Street
Suite 1500
Ottawa, ON
Canada
K2P 1P1

Marcel Gagné lives in
Mississauga, Ontario. In real life, he is president of Salmar
Consulting Inc, a systems integration and network consulting firm.
He is also a pilot, writes science fiction and fantasy, and is
co-editor of TransVersions, a science fiction,
fantasy, and horror anthology. He loves Linux and all flavors of
UNIX and will even admit it in public. He is the author of
Linux System Administration: A User's Guide,
available this fall from Addison Wesley. He can be reached via
e-mail at mggagne@salmar.com. You can discover lots of other things
(including great Wine links) from his
web site.

Comments
This is my first time using SME Server 7.4, I have used Linux over the years with no problems, but trying to set up SME for the internet was a nightmare!! I still don't have it working after two months and many configuration changes later.