Today, I finally got rid of my Windows Server 2008 trial server. No point in “trialing” this thing any more — Windows kept killing itself by paging out vital system services despite plenty of memory being available, created unkillable phantom processes, and the firewall system in Windows Server 2008 is in a class of its own in terms of unusability (<– I think I just created that word :))
My Gentoo Linux 2008.0 x64 install went extremely smoothly. The install CD recognized my networking settings, PPPoE dial-in took just a few minutes to get working after launching the SSH daemon, and I could conveniently install the system using PuTTY on my Vista box, allowing me to cross-reference the installation guide and play some games during the longer tasks.
I still don’t have any idea how people get their linux kernels trimmed down — I simply don’t know what options I really need and which just sound like I might be needing them. Thus, I went ahead and selected any device drivers that sounded like my hardware, then added the most likely options for raid, vpn, ppp and routing.
After GRUB was installed (which was a lot easier this time around since I’ve only got one boot partition - the server hosting my blog uses two boot partitions on different hard drives as a fail-safe mechanism), the kernel booted, networking was working and basically everything just did what it should.
Amusing fact: my Corsair memory modules have LED indicators on them that display the current memory bandwidth, similar to a volume indicator on a stereo. With Windows Server 2008 idling away, the LEDs were wildly flickering between 50% and 75% load. Now with linux idling, only one lonely LED (out of 20) is lit up.
It took me some time to get NAT (IP masquerading) working and I’m still not sure I got my iptables configuration right. The examples I could find on the net all had some confusing and (from my limited knowledge) erroneous rules in them, so I decided to try it myself. This is what I’ve come up with:
```
# Generated by iptables-save v1.3.8 on Sat Jul 19 16:00:29 2008
*filter
# According to man, there are three "chains"
#   INPUT   = Packets from outside with a destination on this machine
#   FORWARD = Packets being routed by this machine
#             (happens when another machine in the network has this machine
#             configured as its gateway)
#   OUTPUT  = Packets being sent from this machine
#
# These are the default rules. They will only apply if a packet makes it
# through our rule maze without matching any rule we set up.
#
:INPUT ACCEPT [158:13292]
:FORWARD DROP [4:224]
:OUTPUT ACCEPT [1123:117012]
# --------------------------------------------------------------------------
#
# INPUT (packets destined for this machine)
#
# Allow all packets originating from the local network to reach this
# machine. This in effect means we trust anyone in the intranet.
#
-A INPUT -s 192.168.124.0/24 -j ACCEPT
# Of course, we will also accept packets we sent to ourselves.
#
-A INPUT -s 127.0.0.1 -j ACCEPT
# This lets any connections, once established, keep running without
# forcing the packets through all the rules we set up.
#
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Here would be the place to open local ports in your firewall. To allow
# a web server running on this machine to be contacted from the internet
# using your ppp0 adapter, use this example:
#
#-A INPUT -i ppp0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
#-A INPUT -i ppp0 -p tcp -m state --state NEW --dport 443 -j ACCEPT
# All other packets are rejected
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# --------------------------------------------------------------------------
#
# FORWARDING (packets being routed through this machine)
#
# Allow any packets from the local network to be routed to
# the internet connection on ppp0
#
-A FORWARD -s 192.168.124.0/24 -o ppp0 -j ACCEPT
# Allow any packets coming in from the internet connection on ppp0 to
# be routed to the local network
-A FORWARD -i ppp0 -d 192.168.124.0/24 -j ACCEPT
#-A FORWARD -i eth0 -
#-A FORWARD -s 192.168.124.0/24 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Sat Jul 19 16:00:29 2008
# --------------------------------------------------------------------------
#
# NAT
#
# Generated by iptables-save v1.3.8 on Sat Jul 19 16:00:29 2008
*nat
:PREROUTING ACCEPT [38:2923]
:POSTROUTING ACCEPT [31:2379]
:OUTPUT ACCEPT [40:3005]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sat Jul 19 16:00:29 2008
# Generated by iptables-save v1.3.8 on Sat Jul 19 16:00:29 2008
*mangle
:PREROUTING ACCEPT [3568:275800]
:INPUT ACCEPT [3564:275576]
:FORWARD ACCEPT [4:224]
:OUTPUT ACCEPT [3551:635930]
:POSTROUTING ACCEPT [3551:635930]
COMMIT
# Completed on Sat Jul 19 16:00:29 2008
```
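One thing worth checking in a ruleset like the one above is the second FORWARD rule: with the FORWARD policy at DROP, it accepts any packet arriving on ppp0 addressed to the LAN regardless of connection state, while the INPUT chain already uses the RELATED,ESTABLISHED match for the same purpose. The following is an added example, not code from the post: a small parser for the iptables-save format shown above that flags FORWARD ACCEPT rules entering on the WAN interface without a state match and prints the stateful equivalent. The interface name ppp0 and the 192.168.124.0/24 subnet are taken from the post; the sample dump is constructed and covers only the FORWARD chain.

```python
# Constructed sample dump (FORWARD chain only), modelled on the blog's ruleset.
SAMPLE_DUMP = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.124.0/24 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -d 192.168.124.0/24 -j ACCEPT
COMMIT
"""

# iptables option -> key used in the parsed rule dict
OPTIONS = {"-i": "in", "-o": "out", "-s": "src", "-d": "dst",
           "-p": "proto", "-j": "target", "--state": "state"}

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the options it uses."""
    tokens = line.split()
    rule = {"chain": tokens[1]}
    for i, tok in enumerate(tokens[:-1]):
        if tok in OPTIONS:
            rule[OPTIONS[tok]] = tokens[i + 1]
    return rule

def parse_table(dump, table="filter"):
    """Return (chain policies, rules) for one table of an iptables-save dump."""
    policies, rules, current = {}, [], None
    for line in (l.strip() for l in dump.splitlines()):
        if not line or line.startswith("#"):
            continue                      # comments and blank lines
        if line.startswith("*"):
            current = line[1:]            # '*filter', '*nat', '*mangle'
        elif current == table and line.startswith(":"):
            chain, policy = line[1:].split()[:2]   # ':FORWARD DROP [4:224]'
            policies[chain] = policy
        elif current == table and line.startswith("-A "):
            rules.append(parse_rule(line))
    return policies, rules

def unrestricted_inbound_forwards(rules, wan="ppp0"):
    """FORWARD ACCEPT rules that pass packets entering on the WAN interface
    with no RELATED,ESTABLISHED requirement, i.e. unsolicited traffic too."""
    return [r for r in rules
            if r["chain"] == "FORWARD" and r.get("target") == "ACCEPT"
            and r.get("in") == wan and "state" not in r]

def hardened_rule(rule):
    """Same rule, limited to replies to connections the LAN initiated."""
    return (f"-A FORWARD -i {rule['in']} -d {rule['dst']} "
            "-m state --state RELATED,ESTABLISHED -j ACCEPT")

if __name__ == "__main__":
    for r in unrestricted_inbound_forwards(parse_table(SAMPLE_DUMP)[1]):
        print("stateless inbound forward, consider:", hardened_rule(r))
```

Run against a real `iptables-save` dump by passing its text to `parse_table` instead of the constructed sample.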
I’m currently recompiling the entire system to make sure the stage3 packages match my compiler settings. That will probably take a few hours, after which I will proceed to set up Samba, MySQL, Apache, KDE and, ultimately, 3D acceleration and Unreal Tournament 2004.