A Computer Lab with No Windows, Part II
In Part I of this article, I outlined my reasons for building a Linux terminal server network for my classroom lab. I also began the explanation of how I set up the lab. Here's Part II.
With an Ultra320 SCSI port, we can connect as many as 15 hard drives to the bus. However, SCSI hard drives still are expensive, and it was beyond our budget to buy more than two hard drives. In my design, the second hard drive is for backup purposes only. I did not choose RAID 0 (data stripping for better performance) nor RAID 1 (mirroring), as I wanted to do the data backup manually.
Following a Linux mini how-to I found on hard-disk upgrades, I set up my second drive exactly the same as my first. I did not choose RAID 1 basically due to performance concerns. If RAID 1 is set up, every write (save to hard drive) triggers another write on the mirror disk and more time is needed. As for teaching purposes, my users' (student) data is important but not as critical as business data. Instead of having a second write each time a user saves his or her work on the server, I wrote a simple backup script and placed it under /etc/cron.daily. With it, all users' data is backed up to my second drive at 1:00am.
In order not to overload my Linux terminal server, I set up two more Linux servers, one for Apache and the other for a router and Squid. With the support of the Manitoba Chapter of Computers for Schools, I got two not-very-old servers for $75 each. One is an old Dell dual Pentium Pro server and the other is an IBM Netfinity server. I put 512MB of RAM in the router/Squid server, as I needed more RAM for Squid. With a few commands in iptables, I was able to re-route all Web requests to the Squid server without any setup required on students' workstation:
[root@router root]# cat /sbin/transquid.sh #!/bin/sh # written by C T Leung # November 15, 2002 # for basic NAT function + transparent proxy using squid # add this line to block all ip packets to/from chaos /sbin/route add -host chaos.wsd1.org reject IPTABLES="/sbin/iptables" # iptables binary INTIF="eth0" # internal interface EXTIF="eth1" # external interface # initialization of chains and rules $IPTABLES -F $IPTABLES -F INPUT $IPTABLES -F OUTPUT $IPTABLES -F FORWARD $IPTABLES -F -t nat $IPTABLES -X # delete any chains existing # setting default rules for each flow (in this case, accept everything) $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT # adding masquerading function into "nat" chain # with this, all the locals can go out to Internet # through external interface (from internal interface) # at the same time, every connection goes to port 80 # will be redirected to 8080, squid proxy server #$IPTABLES -t nat -A POSTROUTING -s 192.168.1.110/24 -o $EXTIF -j MASQUERADE #$IPTABLES -I INPUT -s chaos.wsd1.org -j DROP echo 1 > /proc/sys/net/ipv4/ip_forward # to enable ip_forward by assigning 1 $IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 8080 # listing the chains and rules set by above lines $IPTABLES -L $IPTABLES -t nat -L
Most of the common programming languages, such as shell scripts, C and C++, are included in the LTSP download. If you want to have the latest Java development environment installed, however, you can download your choice of Java SDK from Sun and install it. Sun offers Java SDKs in both source as well as binary code. After installation, you might want to add a path to /opt/ltsp/i386/etc/lts.conf so any user can have access to the language. Here is mine configuration file as an example:
# # Config file for the Linux Terminal Server Project (www.ltsp.org) # # See lts.conf.readme for a description of each configuration item # [Default] SERVER = 192.168.1.253 XSERVER = auto X_MOUSE_PROTOCOL = "PS/2" X_MOUSE_DEVICE = "/dev/psaux" X_MOUSE_RESOLUTION = 400 X_MOUSE_BUTTONS = 2 X_USBMOUSE_PROTOCOL= "IMPS/2" X_USBMOUSE_DEVICE = "/dev/input/mice" X_USBMOUSE_BUTTONS = 3 X_USBMOUSE_RESOLUTION = 400 # Keyboards XkbSymboles = "us(pc101)" XkbModel = "pc101" XkbLayout = "us" USE_XFS = N LOCAL_APPS = N RUNLEVEL = 5 PATH=./:/usr/java/j2sdk1.4.1_01/bin/java:$PATH
In the final line of the config file, I added a current path (./) as well as the path for all the binary, such as JavaC and Java for every user.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide