Linux in a Windows Workstation Environment, Part I
This series of articles covers the development of a Linux-based server that supports a number of workstations running MS Windows in the computer laboratory of a 55+ RV Resort in Mesa, Arizona. The age-old stereotype of senior citizens playing shuffleboard by day and bingo by night is outdated, if ever true. Such activities have their role; however, our residents are equally as likely to be in the computer room, sending and receiving e-mail or browsing the Web to research their latest financial, medical or recreational question. Our facility protects the local machines from inexperienced and/or inept users, but it also offers sophisticated services for the user that needs them.
Prior to beginning this project, I had experience using a wide variety of computer systems; however, my UNIX and Linux experience was minimal. My computer background began in 1963 as a Fortran programmer on mainframes in support of my own scientific research. In the early 1970s, I was a part of a small team that developed real-time software and hardware for interfacing PDP-11's to scientific instruments. In 1981, I became system manager for a VAX-11/780 and ran various systems. At this position, I gained some experience with UNIX and Linux systems until my retirement came in mid 1999. At that time, I became a full-time RV resident, dedicated to the avoidance of cold weather.
In November 1999, we arrived in Mesa, Arizona, and occupied a site in the Mesa Regal RV Resort, which is a 55+ community. Given my long-time involvement with computers, I naturally joined the computer club. It had been established six or seven years earlier, when one of the residents transported his personal computer to a classroom once a week to teach the residents how to use such a machine. The next step was for him and his students to conduct fund-raising and purchase a single PC for teaching purposes.
By the time of my arrival in Mesa, the computer club had expanded from that humble beginning to a dedicated computer room, populated with 8 Windows-based PCs. These machines shared a DSL broadband Internet connection with routing and network address translation services provided by WinGate software running on one of the PCs. This configuration was proposed and implemented by a consultant, as the computer club had no internal expertise in networking.
During my first season in Mesa, the club facilities expanded to 12 computers. The following summer (2000), the RV resort was sold to Cal-Am Properties, Inc., which has a commitment to providing computer access to the residents of its properties. The company's initial contribution was to add ten new workstations and replace the two oldest computers. At this point, however, we ran into a problem: our WinGate license would support only 5 concurrent Internet sessions, which was not nearly enough for 22 workstations. Because I had more networking experience than did the others, I was asked to propose solutions to this problem. I rejected the first option of purchasing additional licenses for the WinGate software, as this would have been relatively expensive. In addition, my real-time background and experiences with Windows made me highly distrustful of using Windows 98 in a mission-critical role.
The second option was to convert one of the recently retired machines, which did not have sufficient resources to run Windows 98, into a router. I learned that Linux could operate nicely on minimal hardware, so I began developing a router on a 133MHz Pentium with 16MB of RAM, a 1.4GB hard drive and two Ethernet interfaces. The resulting system was built from a SuSE 6.4 distribution, employing a 2.2.x kernel. The firewall and network address translation functions were provided by the ipchains facility. Not only was this system built from surplus equipment at no cost for hardware, it clearly could handle all the workstations. It also added firewall functionality. The only "cost" was development time. This system went into service in November 2000 and served us well for more than one year.
In January 2002, the router memory was upgraded from 16MB to 32MB, the kernel was upgraded to the 2.4.x series, and the firewall was rewritten using iptables functionality, which added stateful information regarding each packet. Not only could we block external connection attempts based on TCP or UDP port, we also could pass only those packets that contain information explicitly requested.
In late 2002, a computer with a 400MHz processor, 64MB of RAM and a 6GB hard drive became available. The router system was transferred to this machine, and the previous unit became a cold spare. It never was called on, though, as the newer unit also was stable. It ran until June 2004, with reboots needed only for kernel upgrades and long power failures that exhausted the battery backup unit. At one time, the router had run in excess of one year between reboots.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Firefox 46.0 Released
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- The Death of RoboVM
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide