Slackware: This Forum is for the discussion of Slackware Linux.
I'm interested in reading thoughts and caveats from those of you using Slackware as a network gateway system -- router, firewall, DNS, DHCP, VPN, VLANs, etc. Not a file or any other server. Just gateway services.
Bare metal? Virtual? How many NICs? Wireless AP (hostapd)? Web browser interfaces to display various stats? QoS?
I am aware of a few related topics at SlackDocs. I'm not yet interested at that level. Just interested in reading from those already doing this.
I'm not interested in discussing off the shelf products. Just Slackware gateway systems.
I would say a caveat is that you have to be interested at the SlackDocs level, because it involves a lot of reading and figuring out how to configure the stuff you want, depending on your current network knowledge.
Wanting this for home use can only mean one thing: that you want to be able to figure this all out, because otherwise there is no reward for you. You have to do it all yourself, you have to have a dedicated machine, with at least 2 NICs, running 24/7. From a practical point of view, an off-the-shelf product like a Ubiquiti EdgeRouter X would be an easy start. Also CentOS or Debian, which you already use, are quicker to configure for this. But on Slackware it can obviously be done as well, and you will learn a lot.
Bare metal (as I upgrade my machines, the oldest living one becomes the gateway). 2 NICs, 2 wireless cards each with an instance of hostapd handling it, iptables firewall (of course). The gateway also runs DNS caching for the outside world, DNS resolution for internal devices, and acts as a DHCP host for the internal networks (each wireless card and the wired internal network are on their own subnets in the 10.x.x.x space). It can act as a print server as well.
I use gkrellm to keep an eye on it and fiddled around with setting up snmp reporting but didn't get around to finishing that work.
When I was the network admin at my current job, I ran Slackware as the gateway. It was bare metal, two NICs (one inside, one outside). No wireless. It ran dnsmasq as both DHCP and DNS server.
I used ferm to write the firewall rules (blocks, forwards, etc.). It just worked, so I never had any monitoring and never set up QoS (though ferm would let you).
I use a Kangaroo PC for a remote residential gateway. I don't have persistent Internet at the residence but many of my nearby neighbors have Xfinity. The gateway hops on one of the public Xfinity hot spots and I use WiFi On Demand for Internet access.
The Kangaroo has built-in wireless AC used for the WAN, and I added a USB wireless N for the LAN. NetworkManager handles the WAN, so I use nmtui over SSH as the main interface. hostapd handles the LAN and requires little to no ongoing management. If Ethernet is connected, rc.inet1 handles that.
When the PC is activated, NM automatically seeks out a public Xfinity hot spot and prompts the LAN user with the WiFi On Demand login. I have a cron script that checks hourly to establish a VPN connection back to my VPN server at home. This enables me to connect directly to my Plex server to watch movies or antenna TV. The residence is remote so no antenna TV but cable & satellite are options. I'm not there enough to justify the monthly expense of either so WiFi On Demand fits the need.
It is a fun project and it has been working for over 2 years with minimal issues.
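The hourly cron check described in the post above, written out as an added example; this is not the poster's script. It assumes an OpenVPN client started through Slackware's /etc/rc.d/rc.openvpn, a tunnel interface named tun0, and a probe address of 10.8.0.1 on the home side, all placeholders. The link check reads operstate from sysfs, with the path overridable so the logic can be exercised without a real tunnel, and the decision is split from the actions so it can be checked on its own.

```shell
#!/bin/sh
# Added example: hourly VPN watchdog for a Slackware gateway.
# Assumptions (placeholders): tun0, far-side probe 10.8.0.1, rc.openvpn.
VPN_IF="${VPN_IF:-tun0}"
VPN_PROBE="${VPN_PROBE:-10.8.0.1}"
SYS_NET="${SYS_NET:-/sys/class/net}"   # overridable so link_present can be tested offline

# Link-level check: interface exists and is not administratively down.
# tun devices normally report "unknown" rather than "up", so accept both.
link_present() {
    f="$SYS_NET/$1/operstate"
    [ -r "$f" ] || return 1
    case "$(cat "$f")" in
        up|unknown) return 0 ;;
        *)          return 1 ;;
    esac
}

# Path-level check: one ICMP probe through the tunnel with a short timeout.
# A stale tun0 can sit there for hours after the UDP session has died, so
# the interface existing is not enough.
path_alive() {
    ping -c 1 -W 3 -I "$1" "$2" >/dev/null 2>&1
}

# decide <link:ok|fail> <path:ok|fail>  ->  keep | restart | start
decide() {
    case "$1/$2" in
        ok/ok)   echo keep ;;
        ok/fail) echo restart ;;   # interface is up but nothing flows through it
        fail/*)  echo start ;;     # no interface at all: the daemon is probably gone
    esac
}

restart_vpn() {
    # Slackware rc script (assumption); substitute your own openvpn invocation.
    /etc/rc.d/rc.openvpn restart
}

main() {
    if link_present "$VPN_IF"; then l=ok; else l=fail; fi
    if [ "$l" = ok ] && path_alive "$VPN_IF" "$VPN_PROBE"; then p=ok; else p=fail; fi
    action=$(decide "$l" "$p")
    logger -t vpn-watchdog "link=$l path=$p action=$action"
    case "$action" in
        keep)          ;;
        start|restart) restart_vpn ;;
    esac
}

# Cron entry (assumption):  0 * * * * VPN_WATCHDOG_RUN=1 /usr/local/sbin/vpn-watchdog.sh
if [ "${VPN_WATCHDOG_RUN:-0}" = 1 ]; then main; fi
```

Logging the two check results separately is what makes the cron job debuggable later: "link=ok path=fail" every hour points at the far end or the ISP, while "link=fail" points at the local daemon.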
I use one of the property's outbuildings to house hardware which is too hot and/or noisy for the main house, and an old T510 laptop named "shack" runs Slackware 14.2 and acts as the gateway.
It presents eth0 as 10.0.0.1 to the ethernet network used within the outbuilding, and routes to/from the main house's wireless network in 192.168.x.x on wlan0.
It also acts as the 10.x.x.x network's DNS server (using BIND configured as a caching nameserver with forwarder set to the main house's WAP).
It also controls the "smart" power strips within the outbuilding and implements logic powering up/down various systems according to various rules (like powering up the GlusterFS exporting servers before powering up the systems which try to mount from them, and powering down battery-backed systems gracefully before they run out of power during an outage).
It also monitors the temperature in the outbuilding and turns on/off the AC unit as needed. The AC unit is a cheap "dumb" air conditioner, but it's plugged into one of the smart power strips, so shack turns it on/off via the strip.
Quote:
2 wireless cards each with an instance of hostapd handling it
Model numbers of the wireless NICs?
Quote:
I use gkrellm to keep an eye on it and fiddled around with setting up snmp reporting but didn't get around to finishing that work.
So you run a desktop on this system? I'm not being snarky -- just curious.
Quote:
In order to reduce the likely number of software flaws on the gateway --> do not install any software which is not necessary for the tasks at hand.
Seems obvious to me, but I suppose needs saying for others wandering into this thread. I suppose some folks might get upset because that means not having a "full install" of Slackware.
Likewise with a firewall. Always start with nothing open on the WAN side.
Quote:
It also controls the "smart" power strips
Smart? Do you mean a power controller?
Quote:
It also monitors the temperature in the outbuilding and turns on/off the AC unit as needed.
I would like to read more details. What monitoring hardware? Interface? SNMP?
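A ruleset that starts from the posture stated in this post, nothing open on the WAN side, given here as an added example; it is not anything posted by upnort or the other participants. It targets a two-NIC box: the WAN and LAN interface names and the LAN subnet are arguments, and the services it lets LAN clients reach on the gateway itself (SSH, DNS, DHCP, ping) are my assumptions. It emits iptables-restore syntax so the whole ruleset can be read as text before it is loaded.

```shell
#!/bin/sh
# Added example: default-deny ruleset for a two-NIC Slackware gateway,
# in iptables-restore format. Interfaces and LAN subnet are arguments;
# the LAN-side services allowed (22, 53, DHCP, ping) are assumptions.
#
# gen_gateway_rules <wan-if> <lan-if> <lan-subnet>
gen_gateway_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, then replies to traffic the gateway itself started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Gateway services are reachable from the LAN interface only
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p icmp --icmp-type echo-request -j ACCEPT
# DHCP DISCOVER arrives from 0.0.0.0, so no source-subnet match here
-A INPUT -i $lan -p udp --sport 68 --dport 67 -j ACCEPT
# The one hole a DHCP-assigned uplink needs (lease replies are not tracked
# as ESTABLISHED). Delete this line if the WAN address is static.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# Nothing else on the WAN side. The policy already drops; this is explicit.
-A INPUT -i $wan -j DROP
# Forwarding: LAN out to WAN, only return traffic back in
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
EOF
}

# iptables-restore swaps the whole table set in one step, so there is no
# moment with a half-built ruleset on the wire.
apply_gateway_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_gateway_rules "$@" | iptables-restore
}

# Review first:   gen_gateway_rules eth0 eth1 10.0.0.0/24
# Load (as root): apply_gateway_rules eth0 eth1 10.0.0.0/24
```

The explicit "-A INPUT -i $wan -j DROP" is there on purpose: any rule later appended to INPUT with -A lands below it and never sees WAN traffic, which is the safe failure mode when someone opens a port in a hurry. Opening something on the WAN side then has to be a deliberate -I above that line. The same applies to the FORWARD chain, where any port forward to an internal host is an explicit addition rather than a default.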
To anybody who is curious, I am thinking about such a project. I have spare idle computers to prototype with, although in the long run I would want something more energy efficient. I have been reading a lot about routers. The overwhelming opinion is that the firmware in most consumer routers is horrible and, more importantly, untrustworthy, with zero guarantees of timely security patches. I read the Ars Technica article about building a home router and I thought, "Hmm, I could do that..."
I haven't yet figured out how I want to handle wireless or be able to display some basic meaningful stats. For the interim I could continue using the existing router as my AP until I find a suitable NIC and learn hostapd.
If headless, perhaps install Webmin.
I need a VPN and two VLANs if I am to replace my current consumer router.
For managing the firewall I am thinking lazy with Shorewall, UFW, or something similar. Slackware has VLAN support, although I need to learn vconfig. Adding two VLANs means 2 more NICs for four total. In the long run perhaps a Mini-ITX board with 4 onboard NICs.
It plugs into ethernet (or RS232, though I haven't tried that) and offers a telnet interface and a web interface. My perl module uses the telnet interface for query and control.
I had previously been using a "Digital Loggers" Web Power Switch, but it died after about a year so I bought a NP-05B to replace it. When it proved solid, I bought more.
Quote:
I would like to read more details. What monitoring hardware? Interface? SNMP?
I'm cheap. Like, super cheap, and I like puzzling out how to do things with existing hardware. Industrial environmental monitoring hardware seemed far too expensive for what I needed, so I got the idea of using the laptop's internal temperature sensors and deriving a function to convert internal temperature to external temperature. I kept a thermometer next to the laptop in the outbuilding for a few weeks, occasionally eyeballed it, and wrote down the temperature it showed and the corresponding internal temperatures per lm-sensors.
To my surprise and delight, this was a viable approach. For the range of temperatures which most interest me, there was a simple linear relationship between external temperature and "Core" temperature.
So I wrote a little perl script which loops forever, sampling Core temperature via lm-sensors, deriving external temperature from that, turning on the AC when external temperature reaches 78°F, turning it off when it drops to 72°F, and logging it all to stdout, which I redirect to a file for later reference. It's kludgy as hell, but has been working wonderfully for about six years now.
Looking over that script, I notice it's still using "synaccessctl" to control the power strip. That's the name of the utility I originally wrote to wrap the perl module, which I renamed to "np05bctl" when I cleaned it up and submitted it to CPAN in 2017: https://metacpan.org/pod/App::np05bctl
It's essentially the same utility as np05bctl. I really should update my script to use np05bctl, and anyone trying to do this at home would be using np05bctl from CPAN (or using the module directly).
The only reason my temperatures script is wrapping the utility and not using the module is because this way changes made to the module are picked up without having to restart the temperatures script (as it executes synaccessctl with every loop iteration, and synaccessctl reloads the module afresh every time it is executed), and for a while I was actively developing the module while the temperatures script was using it.
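The control loop described in the post above, written in shell as an added example; this is not the poster's perl script and does not use their CPAN module. It takes lm-sensors output, picks the hottest "Core N" reading, maps it through a fitted straight line to an estimated outside temperature, and drives the AC with the 78/72 hysteresis described. SLOPE and OFFSET are made-up placeholders, to be replaced by whatever a few weeks of thermometer-versus-sensors notes give you, and set_ac_power is a stand-in for the outlet-control command on your power strip.

```shell
#!/bin/sh
# Added example: calibrated thermostat with hysteresis, in shell.
# SLOPE/OFFSET are placeholders; fit your own. set_ac_power is a stand-in.
SLOPE="${SLOPE:-1.5}"     # degrees F outside per degree C of core temperature (assumed)
OFFSET="${OFFSET:-10}"    # intercept in degrees F (assumed)
AC_ON_AT=78               # switch on when the estimate reaches this
AC_OFF_AT=72              # switch off once it has fallen back to this

# Reads `sensors` output on stdin, prints the highest "Core N" value in C.
# awk's string-to-number conversion stops at the degree sign, so "+47.0°C" -> 47.
# Exits non-zero when no Core line was seen, so the caller can notice.
core_temp_c() {
    awk '/^Core [0-9]+:/ { v = $3 + 0; if (!seen || v > max) { max = v; seen = 1 } }
         END { if (seen) printf "%.1f\n", max; else exit 1 }'
}

# ext_temp_f <core-C>: fitted linear estimate of the outdoor temperature in F.
ext_temp_f() {
    awk -v c="$1" -v s="$SLOPE" -v o="$OFFSET" 'BEGIN { printf "%.1f\n", s * c + o }'
}

# ac_next_state <on|off> <ext-F>: hysteresis, so the compressor does not
# chatter when the estimate hovers around a single threshold. Between the
# two thresholds the current state is kept unchanged.
ac_next_state() {
    awk -v st="$1" -v t="$2" -v hi="$AC_ON_AT" -v lo="$AC_OFF_AT" 'BEGIN {
        if (st == "off" && t >= hi)     print "on"
        else if (st == "on" && t <= lo) print "off"
        else                            print st
    }'
}

set_ac_power() {
    # Placeholder actuator (assumption): replace with your power strip's outlet command.
    echo "AC outlet -> $1"
}

control_loop() {
    state=off
    while :; do
        if core=$(sensors | core_temp_c); then
            ext=$(ext_temp_f "$core")
            next=$(ac_next_state "$state" "$ext")
            [ "$next" != "$state" ] && set_ac_power "$next" && state=$next
            echo "$(date '+%F %T') core=${core}C est=${ext}F ac=$state"
        else
            echo "$(date '+%F %T') no Core readings from sensors" >&2
        fi
        sleep 60
    done
}

# Run as: RUN_THERMOSTAT=1 ./thermostat.sh >> /var/log/thermostat.log
if [ "${RUN_THERMOSTAT:-0}" = 1 ]; then control_loop; fi
```

The part worth getting right is ac_next_state: with a single threshold the unit would cycle every minute as the estimate crosses it, and the "keep current state between 72 and 78" branch is what the original script's two numbers implement.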
Quote:
so I got the idea of using the laptop's internal temperature sensors and deriving a function to convert internal temperature to external temperature. I kept a thermometer next to the laptop in the outbuilding for a few weeks, occasionally eyeballed it, and wrote down the temperature it showed and the corresponding internal temperatures per lm-sensors.
That explanation brought a wide grin to my face. When I built the house 22 years ago, for $300 I bought a used wood burning boiler (hydronic heat in the house). Unlike the propane burner, with this old burner there is no simple way to regulate the fire. There is no such thing as a simple ON/OFF switch with wood fire. The fire keeps burning when there are no zone demands to remove heat. The water temperature rises too high causing overpressurization. A relief valve seems sane, but waiting for a relief valve to vent means the pressure and temperature are already too high, not to forget inefficient and a messy waste of water.
While building the house a relative up the road had discarded an old electric water heater. I yanked the temperature switch and with some magnets, slapped the switch on the boiler back wall. The boiler had an aquastat that I wanted to use to open all zones for a quick heat dump. I wanted the dump to occur at about 195F water temperature. For a few days I tinkered with the switch position on the back wall to estimate the water temperature. Since finding the sweet spot on the back wall, the switch has been working that way for 21 years.
root@gateway:~# lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD/ATI] RX780/RX790 Host Bridge
00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RX780/RD790 PCI to PCI bridge (external gfx0 port A)
00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD790 PCI to PCI bridge (PCI express gpp port A)
00:09.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD790 PCI to PCI bridge (PCI express gpp port E)
00:0a.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD790 PCI to PCI bridge (PCI express gpp port F)
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode]
00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.1 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0 USB OHCI1 Controller
00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.1 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0 USB OHCI1 Controller
00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller (rev 3c)
00:14.1 IDE interface: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 IDE Controller
00:14.2 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 Azalia (Intel HDA)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 LPC host controller
00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI Bridge
00:14.5 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Address Map
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Miscellaneous Control
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Link Control
01:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce 210] (rev a2)
01:00.1 Audio device: NVIDIA Corporation High Definition Audio Controller (rev a1)
02:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
04:00.0 Ethernet controller: Qualcomm Atheros AR8131 Gigabit Ethernet (rev c0)
05:06.0 Network controller: Qualcomm Atheros AR5416 Wireless Network Adapter [AR5008 802.11(a)bgn] (rev 01)
05:07.0 RAID bus controller: Silicon Image, Inc. SiI 3124 PCI-X Serial ATA Controller (rev 01)
root@gateway:~# cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 16
model : 6
model name : AMD Athlon(tm) II X2 260 Processor
stepping : 3
microcode : 0x10000c8
cpu MHz : 3200.029
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc extd_apicid pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt hw_pstate vmmcall npt lbrv svm_lock nrip_save
bugs : tlb_mmatch fxsave_leak sysret_ss_attrs spectre_v1 spectre_v2
bogomips : 6400.05
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 48 bits physical, 48 bits virtual
power management: ts ttp tm stc 100mhzsteps hwpstate
processor : 1
vendor_id : AuthenticAMD
cpu family : 16
model : 6
model name : AMD Athlon(tm) II X2 260 Processor
stepping : 3
microcode : 0x10000c8
cpu MHz : 3200.029
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 1
cpu cores : 2
apicid : 1
initial apicid : 1
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc extd_apicid pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt hw_pstate vmmcall npt lbrv svm_lock nrip_save
bugs : tlb_mmatch fxsave_leak sysret_ss_attrs spectre_v1 spectre_v2
bogomips : 6400.05
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 48 bits physical, 48 bits virtual
power management: ts ttp tm stc 100mhzsteps hwpstate
It's grossly overpowered for what I ask it to do, but there's a bunch of other crap running on it that you aren't interested in running yourself. Nexus server, dovecot, zoneminder, samba-based NAS, and postgresql (for some damned reason). Even so, it's mostly sitting at a load average of ~0.10.
Quote:
Originally Posted by upnort
So you run a desktop on this system? I'm not being snarky -- just curious.
Well, it's a yard away from my outstretched arm as I type this with a shared keyboard and monitor with my build system. (That's another box that's sitting under the table the gateway sits upon.) I'm almost never logged in but it does boot into runlevel 4. Sometimes it's nice to bring up KDE to check something bizarre. Normally, I just SSH in to do anything to it.
I run gkrellmd (hey, I was at work) as a service on my gateway so that I can use gkrellm on my other machines to watch what's going on.
Also not mentioned earlier, since I'm using FiOS, there's an ActionTec with its own firewall between my gateway and the greater internet.
I'm interested in reading thoughts and caveats from those of you using Slackware as a network gateway system -- router, firewall, DNS, DHCP, VPN, VLANs, etc. Not a file or any other server. Just gateway services.
It was exactly for this purpose that I started using Slackware in '96, after a very brief and very sad experience with Red Hat. First in a cybercafe and then, while I was sysadmin at an ISP, I migrated all the services from Windows NT to Slackware Linux and FreeBSD. For some reason FreeBSD was way faster and more stable in servicing DNS requests at that time, but that's not the case anymore; Linux is working well too.
Due to its simplicity, transparency and versatility (init - rc scripts) I believe Slackware is the best distro to do networking on, and therefore I don't see any caveats. A gateway based on Slackware is pretty much a standard setup for me and I've been doing it constantly ever since '96, though I must admit I also started to use OpenWRT lately in setups that don't really require a full Linux box.
For a Linux gateway - Slackware in this case - basically you need to understand, configure and use the services you look after. Your friends would be:
- router & QoS - iproute2 utilities - http://tldp.org/HOWTO/Adv-Routing-HOWTO/
- firewall - iptables
- DNS - I strongly suggest unbound (at least as a resolver)
- VPN - OpenVPN rox!
- DHCP, VLANs, AP & co. support is already included, it just needs setup
Quote:
Originally Posted by upnort
Bare metal? Virtual? How many NICs? Wireless AP (hostapd)? Web browser interfaces to display various stats? QoS?
Definitely bare metal, for speed & security reasons, and depending on your WAN interface speed - if it's 100 Mbit and you're targeting a SOHO setup, a Raspberry Pi 2/3 loaded with Slackware ARM will suffice (stay away from the new Raspberry Pi 4 crap - it's just an overheating mess - totally flawed product!)
If you need gigabit connectivity, go for a small 4-core Atom mini PC; you can already find them on Amazon starting at $100 (2GB RAM, 16-32GB flash storage and one gigabit NIC - you'll need a second one on USB3).
The number of NICs depends on your use case; you'll need at least two to start with, WAN & LAN, and I don't see a point in installing more just for sharing the internet connection. Better use a managed switch after your gateway for handling the VLANs.
For some simple load & networking stats you could start with Monitorix: https://www.monitorix.org/doc-slackware.html
Quote:
Originally Posted by upnort
I am aware of a few related topics at SlackDocs. I'm not yet interested at that level. Just interested in reading from those already doing this.
As already mentioned, I've been doing this for over 20 years now, lately only for my freelancing activities for the SOHO market (professionally I'm not in the technical domain anymore but in business/economics), and I'm very happy with Slackware & networking. Actually, I'm not even using the standard rc.inet* scripts anymore but the ones I created on my own (just simpler & easier to mod).
...
Quote:
To anybody who is curious I am thinking about such a project. I have spare idle computers to prototype although in the long run I would want something more energy efficient. I have been reading a lot about routers. The overwhelming opinion is the firmware in most consumer routers are horrible and more importantly, untrustworthy with zero guarantees of timely security patches. I read the Ars Technica article about building a home router and I thought, "Hmm, I could do that..."
A suggestion: https://openwrt.org/
- I use it myself on (standard) cheap devices in front of the Slackware "Gateway" as a first line of defense, so to speak, and for handling the VLANs. It comes with everything you need for a router, including iproute2 & iptables. Look for a compatible router that has at least 8MB flash & 64MB RAM - recommended would be 16/128 and a dual core (there are some cheap - under $100 - dual core Mediatek SoCs available).
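Two VLANs on a single trunk NIC toward a managed switch, the layout abga recommends above, set up with iproute2 rather than the older vconfig that upnort mentions earlier. This is an added example, not anything posted in the thread; eth1, VLAN IDs 10 and 20 and the 10.0.x.0/24 addresses are placeholders. With DRY_RUN=1 it only prints the commands it would run, which is how the plan can be reviewed, and tested, without root.

```shell
#!/bin/sh
# Added example: 802.1Q subinterfaces on one trunk NIC with ip(8).
# TRUNK, the VLAN IDs and the addresses are placeholders.
# DRY_RUN=1 prints commands instead of executing them.
TRUNK="${TRUNK:-eth1}"
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# add_vlan <802.1Q id> <gateway address/prefix>
# The switch port facing this NIC must be a trunk carrying these tags.
add_vlan() {
    vid="$1"; addr="$2"; dev="$TRUNK.$vid"
    run ip link add link "$TRUNK" name "$dev" type vlan id "$vid"
    run ip addr add "$addr" dev "$dev"
    run ip link set dev "$dev" up
}

# The trunk itself gets no address: untagged frames stay on the parent
# device and go nowhere, while each tag becomes its own L3 segment.
setup_vlans() {
    run ip link set dev "$TRUNK" up
    add_vlan 10 10.0.10.1/24     # trusted LAN (placeholder)
    add_vlan 20 10.0.20.1/24     # guest / IoT (placeholder)
}

# Tear-down so the script can be re-run without a reboot.
teardown_vlans() {
    for vid in 10 20; do run ip link del "$TRUNK.$vid"; done
}

# Slackware: call setup_vlans from /etc/rc.d/rc.local (or your own rc script)
# before the firewall loads, so its rules can name eth1.10 and eth1.20.
if [ "${VLAN_SETUP_RUN:-0}" = 1 ]; then setup_vlans; fi
```

Because each subinterface is a separate interface to netfilter, a FORWARD chain with a DROP policy keeps the guest VLAN away from the trusted one until you add a rule that says otherwise; the same goes for dnsmasq, which needs one interface= and one dhcp-range= per VLAN device to serve each segment. The hostapd instances from the earlier posts can sit on such a segment too, so a second wireless card does not have to mean a second wired NIC.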