Secure and Manage Voyage Linux
Voyage Linux offers Debian's solid manageability in a tiny package. This week we learn how to secure it for remote management and handle packages.
Last weekwe installed Voyage Linux on a Compact Flash card. Today we'll learn basic package management, set up networking, and build a basic firewall that allows remote SSH administration.
Wired Networking
Wired Ethernet interfaces are easy. Just configure them in the usual way, in /etc/network/interfaces. You should do this while your Compact Flash card is still mounted on your Linux PC.
Voyage Linux helpfully includes a set of sample configurations. Suppose you're building an Internet gateway for a small network. You'll have a WAN interface and a LAN interface. Your LAN interface must be a static address, and your WAN address depends on what type of Internet account you have. So let's say your WAN interface is eth0, and the LAN interface is eth1:
#this is required. always include this auto lo iface lo inet loopback #WAN is DHCP auto eth0 iface eth0 inet dhcp #WAN is static (addresses come from your ISP) auto eth0 iface eth0 inet static address 12.34.56.78 gateway 12.34.56.1 netmask 255.255.255.0 #LAN must be static. You assign an address auto eth0 iface eth0 inet static address 192.168.1.50 network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255
Delete whichever WAN configuration you're not going to use, and you might want to label the physical ports and cables so you always know which one is which.
Now you can install your Compact Flash card on your routerboard, power it up, plug in your LAN port and open an SSH session. The default login is "root" and the default password is "voyage", which you obviously must change right away:
$ ssh root@192.168.1.50 # remountrw # passwd root # remountro
Software Management
Voyage is based on Debian Etch, and it uses familiar old apt-getfor package management and dependency-resolving. Voyage's filesystem is mounted read-only by default, so you have to change to read/write, make your changes, then change it back to read-only. Installing or removing packages is done with these commands:
# remountrw # apt-get install [package name] # apt-get remove [package name] # remountro
When you're removing a package, adding the --purgeoption also gets rid of configuration files. Always return the filesystem to read-only to prevent accidental mistakes, and to extend the life of your Compact Flash card.
Just like on Debian, run apt-get update && apt-get upgrade periodically to keep your system up-to-date. And run apt-get cleanregularly to remove downloaded packages, to save space.
Firewall
Now you'll want a nice iptables firewall, both for protection and for sharing an Internet connection. Voyage comes with a script for generating a simple NAT iptables firewall, /usr/local/sbin/nat.sh. It's no good if you're running any public services, but it's fine for protecting a private network with no public services. The way to use it is either create a startup link and run it at boot, or run it from your /etc/network/interfaces, like this:
#WAN address auto eth0 iface eth0 inet static address 12.34.56.78 gateway 12.34.56.1 netmask 255.255.255.0 up nat.sh eth0 eth1 "192.168.1.0/24"
The syntax is nat.sh [nat device] [output device] [network address].
- 1
- 2
- Next Page »