The e-smith server and gateway
That's a question I've asked on a number of occasions when offering to set up an inexpensive Internet gateway, mail server and firewall solution. Sometimes, the server also serves up web pages. Linux is nothing if not flexible. Aside from being an entirely feasible approach, the final product based on this question never failed to impress the companies for whom I created such a system.
Of course, somewhere in there, I had to install the system, configure sendmail, diald, firewall rules, configure the hardware, the network, the web server, the ... well, you get the idea. When I heard about e-smith, it sounded like a dream come true. A server of this type was one trouble-free installation away. No messy configurations and a simple point-and-click interface for administration. What could be better?
The e-smith server and gateway came to me with a CD-ROM, boot diskette and a spiral-bound manual. The manual is clear and opens flat (which is nice), and the latest version is always available from the e-smith web site. It's not a lot of information, but it covers all the basics of installing and running an e-smith gateway.
I love documentation, even if I don't always use it. So I decided to go straight to my tests and skip what the manual had to offer. After all, if it was that easy, why not jump right in?
In the course of this review, I did two tests, one on a notebook computer with a PCMCIA Ethernet card and modem, and the second on a desktop server with one card and an external 56K modem.
My first test system did not allow me to boot directly from the CD, so I worked from the diskette instead. After a few seconds, the welcome screen came up, complete with a message saying "this installer program will convert this computer into a fully functional e-smith server and gateway. It will then be ready to run 24 hours a day as a network server, and will no longer be available to run other applications."
Hmm ... that's all right I guess. After all, we're setting up a server and not a workstation.
Another warning says to make sure that your hardware configuration is supported by e-smith. The list of supported hardware is in the manual I wasn't reading and also on the web site. I decided to push ahead. When you are ready, type accept at the boot prompt and proceed with the installation.
Next, we get to the "Installation Type" where you can select a single hard disk configuration (or hardware RAID-1 mirroring), or a dual hard disk configuration with software RAID-1 mirroring. Your third option is to upgrade an existing gateway. I chose the first option, tabbed over to the okay prompt and pressed Enter.
This is the first time I got into trouble. Seconds into the install, a message came up that said "An error occurred reading the partition table for the block device hda." I thought that perhaps it was now time to check out those hardware requirements they talked about earlier. I visited the web site and, yes, it seems I have a valid hardware configuration (Pentium 150 with 1.4 Gigs of disk space and 64 Megs of RAM). Looks fine.
A little sleuthing pointed to a problem with my partition table, just as the message had said. I use this notebook to test lots of different things and, somehow, my previous installation of Slackware may have suffered some weirdness, leaving the partition table in a questionable state. One boot into single-user mode and an fdisk later, and I was back on track.
Another reboot, another acceptance of terms and one final warning. The message informed me that this "will" erase your whole hard disk. It literally says "This is your LAST WARNING." No problem, I am ready. I typed proceed as instructed and my installation was under way.
Disks spin, the CD whirs (or makes some kind of swishing noises), and a Red Hat-like text-based installation flashes across my screen. There is no surprise here. After all, e-smith is based on Red Hat's distribution.
With the installation completed and the system rebooted, I came to my first configuration screen. It was time to choose a password. Then, we started network configuration with domain and host name setup. Unfortunately, this is where it got a tad more complicated; e-smith failed to locate my Ethernet cards. I would have to configure them manually. I can always get to root, after all. Strange. The web site says the e-smith gateway pretty much supports the standard Red Hat set of drivers, and I had run Red Hat on this notebook. I pushed on.
There are two different modes of operation for e-smith: Server and gateway (provides local services and access to the Internet) and Server only (provides only local services). I chose the first option, which is also the default. The next step is to choose the access mode. In other words, how will you connect to the Internet? Since my Internet connection was doing fine on its DSL connection, I decided to choose the second option, a dial-up configuration, as opposed to the dedicated option. This brought me to a screen asking for my modem's serial port. I seemed to recall that it was on ttyS2 (from previous installations), but I wasn't sure. Personally, I think it would be nice if the installation process did a little auto-checking for you. Querying the serial ports is easy, and it would save the user a great deal of effort.
Next, I was asked to enter the phone number of my ISP, including the user name and password for the account.
This is followed by a selection of connect policies. Simply put, how long do you want the connection to stay up once you have it configured? Long connect times minimize dialing delays. Unfortunately, there is no indication on this screen of what constitutes long. By the way, you get to decide these settings for different times: during business hours (defined as 8:00 AM to 6:00 PM) and after business hours. There is also a weekend policy. I took the defaults (assuming I could change it later) and moved on.
One of the things I thought was pretty cool is e-smith's offer to allow you to set up a subscription to a dynamic DNS service (like yi.org or dyndns.org and others). I kept mine set to "off".
The next setting is a DHCP setup; should the e-smith gateway provide DHCP services? Personally, I find that in small, static organizations (the same people are always at the same desks), DHCP is more of a pain than not. I opted to override the default of "on" and turned those services off.
Since I was not running a dynamic DNS, I then entered my DNS address. Since I had no proxy server outside my local network, I accepted the default of "no".
I found the next option a bit uncomfortable. e-smith maintains statistics on how long their gateways have been in continuous operation. If you choose to accept this option, your gateway will send a message to e-smith once per day, specifying your IP address and your uptime and that, we are told, is all. Nevertheless, I don't even like the idea of anybody monitoring my system unless they have a darn good reason. Call me paranoid but I chose "No", which (to e-smith's credit) is the default.
Another thing I found unsettling was the option to have the e-smith gateway permanently logged in, automatically at every boot. This is the default. I don't know about you, but if something is my gateway or firewall, I want it sitting at a login prompt. I chose to override the default of "auto" and, instead, stare at a nice login prompt when the system boots. Take note, however, that the administrator login is not "root", but "admin". You can log in as root, but you do not get the administration menu.
The next screen allows you to choose IDE disk optimization. For the curious, this is the hdparm command talking here. The default is to keep this disabled, recommended for older systems. You are warned that while this may improve performance, there is a risk. If you are concerned, accept the default.
Finally, e-smith asks for your e-mail address. When you run the "Test Internet access" function, your e-mail address will be sent to e-smith. Again, I don't know how I feel about this. Actually, I do. Apparently, e-smith suspects that they know as well. If you enter nothing here and simply hit Enter, no information will be sent. Guess what I did?
All this information now gets written up in various configuration files and at some point we are ready to go.