Saturday, March 12, 2011

Wireless Router, Network Storage and Media Server: Software Pieces


This is the follow-up to the Router/Network Storage Server post. Here I document the different software used to build my RCN. These are the pieces needed:

  • Operating System
  • Router
  • Storage
  • Media Server

Operating System
There are two open source choices: BSD (FreeBSD) or Linux (Ubuntu). After a few days of analysis I decided to go with Linux, because I use FreeBSD at work. In either case I didn't want to use FreeNAS, OpenFiler or any other ready-made distro. Since I am familiar with Ubuntu, I decided to use it, in the Ubuntu Server version.

File System
I wanted to use ZFS on my main storage disk, but it is not available on Linux yet, so I decided to go with XFS. The boot disk uses EXT3/4 because it is natively supported and needs no extra package. The boot media is an 8GB flash disk.

Installation
Since there is no optical drive, installation has to go through the network or USB. Since most Linux distributions support that, I decided to use USB.

  1. Download Ubuntu 10.10 Server
  2. Download Universal USB Installer
  3. Create bootable install media using the installer
  4. Boot the system with the boot media. My dual-port monitor and wireless keyboards came in handy here because I could switch between Windows and the Linux installation.

Partitions
Although no data is going to be stored in the boot media, it would be good to have separate partitions to store the config files and home directory. Otherwise re-installation would wipe out all the data.

I chose to create 5 partitions

/ - EXT4 - 2GB
/usr - EXT4 - 2GB
/var - EXT4 - 2GB
/home - EXT4 - 1GB
swap - - 1GB

Administration

Since this device will run without a monitor or keyboard, the only way to communicate with the system is through the network interface. Having SSH access is good, but a web interface for common administration tasks is better. A few Linux applications are available for that; my choice is Webmin.

How to install Webmin on Ubuntu
# add the Webmin APT repository line to the sources list
sudo vi /etc/apt/sources.list
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get update
sudo apt-get install webmin

After this the machine can be controlled from the local network at https://hostname:10000/

Shutdown

Shutting down the system should be easy. Since the storage is connected to the system, it can't be powered off directly: the file system data should be synced first. Using the command line or the web interface for this is not realistic, so programming the ATX power switch is the only way, and acpid does that.
sudo apt-get install acpid

Storage

The goal was to create file-based storage that is accessible from my home network. The NAS server should be big enough for at least the next 2 years. It should be fast enough to play videos from it without flickering. It should have hardware fault tolerance. It should have a backup facility.

Space: 1TB is big enough for me.

Speed: Each disk has a 64MB on-board cache, which is sufficient to buffer read/write operations. RAID 1 can speed up reads by queuing them on different disks (it cannot speed up writes; I have yet to check how Linux implements this).

Backup: a cron job to write compressed tars to external disks? I need to explore whether better software is available.

Fault Tolerance: RAID (redundant arrays of inexpensive disks)

Although a few of my desktop boards had a RAID option in the BIOS menu, I never used or explored it. I thought the RAID chipset on a motherboard was equivalent to a RAID controller/adapter. It was one of the deciding factors in favouring the Gigabyte (GA-D425TUD) motherboard with its JMicron RAID chipset over the Intel (D525MO) motherboard.

After configuring RAID in the BIOS and starting Linux, I realized it is not true RAID, because Linux recognized it as fakeraid. In simple terms, fakeraid is firmware-based RAID: all the work is still done in software, yielding no performance benefit. The advantage of fakeraid is that multiple operating systems running on the same box can utilize the same RAID. Since my setup won't have a multiboot option, I don't want fakeraid, so I decided to go with pure software RAID 0.

  1. Create software raid using multiple devices(md) interface.
    mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda /dev/sdb
  2. The above command takes some time (around 6 hours) because it needs to sync the contents of both disks. While it runs, the status can be checked with the following command
    cat /proc/mdstat
  3. Then create an XFS file system on the md device
    mkfs.xfs /dev/md0
  4. Store the configuration
    mdadm --detail --scan > /etc/mdadm/mdadm.conf
  5. Create mount point and add the mount information in the /etc/fstab
    mkdir /mnt/raid
    echo "/dev/md0 /mnt/raid xfs defaults 1 2" >> /etc/fstab
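
Since the box runs headless, a failed mirror half only shows up in /proc/mdstat. An added example, not from the original post: a check that prints the arrays whose member map contains an underscore, run here on a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post): find md arrays running degraded.
# Each array's status line in /proc/mdstat ends with a member map such as
# [UU] (both mirror halves present) or [U_] (one half missing or failed).

# degraded_arrays: read mdstat text on stdin, print each degraded array name.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ { name = $1; next }        # array header line
        name != "" && /\[[U_]+\]/ {               # status line carrying the map
            if (index($NF, "_") > 0) print name
            name = ""
        }
    '
}

# Constructed sample: md0 is healthy, md1 has lost one disk, md2 is resyncing.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb[1] sda[0]
      976762496 blocks [2/2] [UU]

md1 : active raid1 sdc[0]
      488386496 blocks [2/1] [U_]

md2 : active raid1 sdf[1] sde[0]
      976762496 blocks [2/2] [UU]
      [=>...................]  resync =  5.9% (57665152/976762496) finish=330.1min speed=46400K/sec

unused devices: <none>
EOF
}

echo "degraded in sample: $(sample_mdstat | degraded_arrays)"
```

On the router itself, feed the function the live file (degraded_arrays < /proc/mdstat) from a cron job; mdadm --monitor is the built-in alternative.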

After this, /mnt/raid can be made accessible to remote machines through either NFS or Windows File Sharing. For Windows File Sharing the samba service needs to be installed:

sudo apt-get install samba

Use Webmin to configure Samba under “Servers”->”Samba File sharing”. Add the storage mount point there.

Router

The routing functionality is very simple - handle all 3 interfaces with some limitations.

  • The first interface, eth0, is a Gigabit Ethernet interface directly connected to a desktop computer.
  • The second interface, eth1, is a Fast Ethernet interface directly connected to the internet (through an ADSL modem).
  • The third interface is the 802.11n wireless network.

Network and IP

All interfaces are in different networks. Every interface should get a static IP while booting up. This router should provide dynamic IPs to the other machines.

Modify /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (LAN side, wired desktop)
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
# no gateway line here: the default route is set once, on the WAN interface
post-up iptables-restore < /etc/iptables.up.rules
up /etc/init.d/dhcp3-server start

# wireless network (LAN side)
auto wlan0
iface wlan0 inet static
address 192.168.2.1
netmask 255.255.255.0
# no gateway line here either
up /etc/init.d/dhcp3-server start

# WAN interface: carries the only default gateway
auto eth1
iface eth1 inet static
address 192.168.100.2
netmask 255.255.255.0
gateway 192.168.100.1



Modify /etc/dhcp3/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
option domain-name-servers 208.67.222.222, 208.67.220.220;
option routers 192.168.1.2;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.100 192.168.2.200;
option domain-name-servers 208.67.222.222, 208.67.220.220;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;
default-lease-time 600;
max-lease-time 7200;
}

Finally, enable forwarding in the Linux kernel by setting the system tunable "/proc/sys/net/ipv4/ip_forward" to 1:

echo 1 > /proc/sys/net/ipv4/ip_forward

To set it at boot, set it in /etc/sysctl.conf.

A little work is still pending before the desktop can connect to the network: NAT and the firewall.

NAT - Network Address Translation
NAT is required on eth1 to translate addresses on any outgoing packets and incoming packets.
INTIF="eth0"
EXTIF="eth1"

#set default policies and flush
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
#setup NAT
iptables -t nat -F
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

INTIF1="wlan0"
iptables -A FORWARD -i $EXTIF -o $INTIF1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF1 -o $EXTIF -j ACCEPT

iptables -A FORWARD -i $INTIF -o $INTIF1 -j ACCEPT
iptables -A FORWARD -i $INTIF1 -o $INTIF -j ACCEPT

#unblock certain services
#webmin
iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
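
With the INPUT policy left at ACCEPT, the port 10000 rule above changes nothing, and Webmin and every other listening service also answer on eth1. An added example, not the author's script: the same NAT and forwarding in iptables-restore form for the /etc/iptables.up.rules file loaded from /etc/network/interfaces, with default-deny INPUT, plus a small check that flags the open form. The service ports other than 10000 (22, 67, 137-139, 445) are assumptions about what this box serves.

```shell
#!/bin/sh
# Added example, not the post's own script. Interface names are the post's.
INTIF=eth0; INTIF1=wlan0; EXTIF=eth1
# hardened_rules: print an iptables-restore file with default-deny INPUT.
hardened_rules() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $EXTIF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INTIF -o $INTIF1 -j ACCEPT
-A FORWARD -i $INTIF1 -o $INTIF -j ACCEPT
EOF
    for lan in $INTIF $INTIF1; do   # services are offered on the LAN side only
        echo "-A INPUT -i $lan -p udp -m multiport --dports 67,137,138 -j ACCEPT"
        echo "-A INPUT -i $lan -p tcp -m multiport --dports 22,139,445,10000 -j ACCEPT"
        echo "-A FORWARD -i $EXTIF -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "-A FORWARD -i $lan -o $EXTIF -j ACCEPT"
    done
    echo COMMIT
}

# page_rules: the post's INPUT rules as iptables-save would print them (constructed).
page_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT' COMMIT
}

# input_exposes PORT: read a ruleset on stdin; succeed when the filter INPUT
# chain has policy ACCEPT or accepts PORT without naming an input interface.
input_exposes() {
    awk -v port="$1" '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        $1 == ":INPUT" && $2 == "ACCEPT" { hit = 1 }
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && !/ -i / &&
            $0 ~ ("--dports? ([0-9:]+,)*" port "(,| )") { hit = 1 }
        END { exit !hit }
    '
}

page_rules | input_exposes 10000 && echo "post's rules: port 10000 open on every interface"
hardened_rules | input_exposes 10000 || echo "hardened rules: port 10000 limited to LAN interfaces"
```

Writing the output of hardened_rules to /etc/iptables.up.rules makes the existing post-up iptables-restore line load it at boot.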

Wireless
Now it is time to set up the wireless interface, assuming the wireless drivers are present in the kernel. The other tool required is hostapd, which implements IEEE 802.11 access point management.

interface=wlan0
driver=nl80211

ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

ssid=rcnap
hw_mode=g
channel=11

ieee80211n=1
#ht_capab=[HT40-][SHORT-GI-40]

wpa_pairwise=TKIP CCMP
wpa=1
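
The configuration above enables only WPA version 1 (wpa=1), offers TKIP, and as printed carries no passphrase line. An added example, not part of the original post: a small lint over hostapd key=value lines, run on the post's settings and on a WPA2/CCMP variant. The variant's passphrase is a placeholder and the finding labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak settings in hostapd config text.

# lint_hostapd: read key=value lines on stdin, print one finding per line.
lint_hostapd() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        { i = index($0, "="); if (i) conf[substr($0, 1, i - 1)] = substr($0, i + 1) }
        END {
            wpa = conf["wpa"] + 0                  # bit 0 = WPA, bit 1 = WPA2 (RSN)
            if (wpa == 0) { print "open: no wpa= line, traffic is unencrypted"; exit }
            if (wpa % 2 == 1) print "wpa1: WPA version 1 enabled (wpa=" wpa "), use wpa=2"
            if ((conf["wpa_pairwise"] " " conf["rsn_pairwise"]) ~ /TKIP/)
                print "tkip: TKIP offered as pairwise cipher, use CCMP only"
            mgmt = ("wpa_key_mgmt" in conf) ? conf["wpa_key_mgmt"] : "WPA-PSK"
            haspass = ("wpa_passphrase" in conf)
            haskey = haspass || ("wpa_psk" in conf) || ("wpa_psk_file" in conf)
            if (mgmt ~ /PSK/ && !haskey) print "nokey: PSK mode without a passphrase or PSK"
            n = length(conf["wpa_passphrase"])
            if (haspass && (n < 8 || n > 63)) print "passlen: passphrase must be 8 to 63 chars"
        }
    '
}

# post_conf: the security-relevant lines of the configuration printed above.
post_conf() {
    printf '%s\n' 'ssid=rcnap' 'hw_mode=g' 'ieee80211n=1' \
        '#ht_capab=[HT40-][SHORT-GI-40]' 'wpa_pairwise=TKIP CCMP' 'wpa=1'
}

# wpa2_conf: same AP with WPA2-PSK and CCMP only (passphrase is a placeholder).
wpa2_conf() {
    printf '%s\n' 'ssid=rcnap' 'hw_mode=g' 'ieee80211n=1' 'wpa=2' \
        'wpa_key_mgmt=WPA-PSK' 'rsn_pairwise=CCMP' \
        'wpa_passphrase=REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE'
}

echo "findings for the post's settings:"
post_conf | lint_hostapd
```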

Media Servers
Yet to be filled

Download Manager
Yet to be filled
