Secure and Manage Voyage Linux
Voyage Linux offers Debian's solid manageability in a tiny package. This week we learn how to secure it for remote management and handle packages.
Wired Ethernet interfaces are easy. Just configure them in the usual way, in /etc/network/interfaces. You should do this while your Compact Flash card is still mounted on your Linux PC.
Voyage Linux helpfully includes a set of sample configurations. Suppose you're building an Internet gateway for a small network. You'll have a WAN interface and a LAN interface. Your LAN interface must have a static address, and your WAN address depends on what type of Internet account you have. So let's say your WAN interface is eth0, and the LAN interface is eth1:
#this is required. always include this
auto lo
iface lo inet loopback

#WAN is DHCP (use this stanza or the static one below, not both)
auto eth0
iface eth0 inet dhcp

#WAN is static (addresses come from your ISP)
auto eth0
iface eth0 inet static
    address 220.127.116.11
    gateway 18.104.22.168
    netmask 255.255.255.0

#LAN must be static. You assign an address
auto eth1
iface eth1 inet static
    address 192.168.1.50
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
Now you can install your Compact Flash card on your routerboard, power it up, plug in your LAN port and open an SSH session. The default login is "root" and the default password is "voyage", which you obviously must change right away:
$ ssh email@example.com
# remountrw
# passwd root
# remountro
Voyage is based on Debian Etch, and it uses familiar old apt-get for package management and dependency-resolving. Voyage's filesystem is mounted read-only by default, so you have to change to read/write, make your changes, then change it back to read-only. Installing or removing packages is done with these commands:
# remountrw
# apt-get install [package name]
# apt-get remove [package name]
# remountro
When you're removing a package, adding the --purge option also gets rid of configuration files. Always return the filesystem to read-only to prevent accidental mistakes, and to extend the life of your Compact Flash card.
Just like on Debian, run apt-get update && apt-get upgrade periodically to keep your system up-to-date. And run apt-get clean regularly to remove downloaded packages, to save space.
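One way to enforce the read-only rule described above, as an added example that is not part of the original article or of Voyage Linux: a small sh wrapper that makes the filesystem writable, runs one command, and always runs remountro afterwards, plus a check of the root mount mode. The names with_rw and root_mode are hypothetical, and the check assumes awk and /proc/mounts are available on the router.

```sh
#!/bin/sh
# Added example, not part of Voyage Linux. remountrw and remountro are the
# helpers used in the article; with_rw and root_mode are hypothetical names.

# Print "ro" or "rw" for the root filesystem, read from a mounts table
# (default /proc/mounts; assumed present). The last entry for "/" wins.
root_mode() {
    awk '$2 == "/" { opts = $4 }
         END {
             n = split(opts, o, ",")
             for (i = 1; i <= n; i++)
                 if (o[i] == "ro" || o[i] == "rw") { print o[i]; exit }
         }' "${1:-/proc/mounts}"
}

# Run one command with the root filesystem writable, then always switch it
# back to read-only: on success, on failure, and on Ctrl-C or SIGTERM.
with_rw() {
    if [ "$#" -eq 0 ]; then
        echo "usage: with_rw command [args...]" >&2
        return 2
    fi
    remountrw || { echo "with_rw: remountrw failed" >&2; return 1; }
    (
        # The subshell keeps the traps local to this one call.
        trap 'remountro || echo "with_rw: remountro failed, / is still writable" >&2' EXIT
        trap 'exit 130' INT TERM
        "$@"
        exit "$?"
    )
}

# Usage on the router:
#   with_rw passwd root
#   with_rw apt-get install [package name]
#   with_rw sh -c 'apt-get update && apt-get upgrade && apt-get clean'
#   [ "$(root_mode)" = ro ] || echo "WARNING: / is not read-only" >&2
```

The wrapper returns the exit status of the command it ran, so it can be used in scripts that need to know whether the package operation succeeded.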
Now you'll want a nice iptables firewall, both for protection and for sharing an Internet connection. Voyage comes with a script for generating a simple NAT iptables firewall, /usr/local/sbin/nat.sh. It's no good if you're running any public services, but it's fine for protecting a private network with no public services. To use it, either create a startup link and run it at boot, or run it from your /etc/network/interfaces, like this:
#WAN address
auto eth0
iface eth0 inet static
    address 22.214.171.124
    gateway 126.96.36.199
    netmask 255.255.255.0
    up nat.sh eth0 eth1 "192.168.1.0/24"
The syntax is nat.sh [nat device] [output device] [network address].