I refrained myself from posting anything, except the food challenge, last week. Basically so that the food challenge was nice and consecutive. Most of the stuff I thought: Gee I might post about that; is no longer something I feel like writing about.

But I can’t go past this one: I installed a Ubuntu 9.04 [...]]]>

I refrained myself from posting anything, except the food challenge, last week. Basically so that the food challenge was nice and consecutive. Most of the stuff I thought: Gee I might post about that; is no longer something I feel like writing about.

But I can’t go past this one: I installed a Ubuntu 9.04 Virtual Machine (Under VirtualBox). After some updates the login screen changed to the following. Put simply: I like it. No frills, no fuss.

I just spent an hour trying to figure out why I could run firefox over ssh from two remote offices but not from a third. The DISPLAY variable was not set when I connected with:
ssh -X user@host

Turns out that xauth is not installed by default (on Ubuntu Server). I vaguely remember figuring [...]]]>

I just spent an hour trying to figure out why I could run firefox over ssh from two remote offices but not from a third. The DISPLAY variable was not set when I connected with:
ssh -X user@host

Turns out that xauth is not installed by default (on Ubuntu Server). I vaguely remember figuring that out before but never documenting it. So now I have.

It is almost guaranteed that the upcoming Windows 7, which I’m beta testing tomorrow, the ongoing developments of OS X and the expanding percentage of X11 desktops will bring forth an abundance of articles, lists, and flame wars on how one or the other is a killer for the rest. Just like this piece.

I’ve just uploaded a new tutorial to the Tutorials page on MultiWAN Routing with a Linux server (direct link).

At work recently, to meet our growing on-the-go connection demands, we got hold of some of the Optus Wireless USB modems. The rebadged Huawei E220. In the spirit of my previous posts on Telstra NextG under Linux, I want to use these with Linux. They are natively supported in recent kernels which is great [...]]]>

At work recently, to meet our growing on-the-go connection demands, we got hold of some of the Optus Wireless USB modems. The rebadged Huawei E220. In the spirit of my previous posts on Telstra NextG under Linux, I want to use these with Linux. They are natively supported in recent kernels which is great news. There were a few gotchas with Ubuntu 8.04 though.

Gotcha 1
It seems in there is a bug in the airprime module in the kernel I am running. There is a bug report for the error and fortunately an easy enough fix.
$ uname -ar
Linux pegasus 2.6.24-19-generic #1 SMP Wed Jun 18 14:15:37 UTC 2008 x86_64 GNU/Linux

To fix you need to blacklist the airprime module so it does not load. This of course is only until a proper code fix / new kernel is released. You can read about how to black list here. You will need to unplug / replug the device after removing the module and blacklisting.

Gotcha 2
I use pppconfig and the associated pon / poff / plog commands to dial up. There are graphical programs available but the CLI ones are so much quicker for me: plug in modem, open terminal, run pon optus, use connection.

In the case of the Next G device pppconfig managed to create a working set of ppp scripts. Unfortunately that wasn’t the case for the OWB device. Here are the ppp and chat scripts I am using the connect:

cat /etc/ppp/peers/optus
hide-password
noauth
connect "/usr/sbin/chat -v -f /etc/chatscripts/optus"
/dev/ttyUSB0
115200

user ppp
password ppp

noipdefault
replacedefaultroute
defaultroute
persist
noauth
usepeerdns

user ppp
password ppp

debug
local
novj
nodeflate
nobsdcomp
passive

holdoff 5
lcp-echo-interval 0
crtscts

AND

cat /etc/chatscripts/optus
TIMEOUT 3
ABORT BUSY
ABORT 'NO CARRIER'
ABORT VOICE
ABORT 'NO DIALTONE'
ABORT 'NO DIAL TONE'
ABORT 'NO ANSWER'
ABORT DELAYED
"" ATZ

OK AT&FE0Q0V1
OK 'AT+CGDCONT=1,"IP","Connect"'

OK ATDT*99***1#
TIMEOUT 30
CONNECT ""

Happy interneting!

Tonight at LOGIN the topic is Virtualisation. I’ve spent the last week playing with KVM to virtualise some of our servers at work. So the meeting topic will be interesting from the point of view of comparing technologies to that end. However, I have also been asked to briefly discus KVM.

KVM is [...]]]>

Tonight at LOGIN the topic is Virtualisation. I’ve spent the last week playing with KVM to virtualise some of our servers at work. So the meeting topic will be interesting from the point of view of comparing technologies to that end. However, I have also been asked to briefly discus KVM.

KVM is essentially comprised of two components. A Linux kernel module, more on this later, and a userspace application that uses the kernel module to provide a virtual machine. The userspace application is a fork of QEMU. I would actually suggest KVM’s QEMU and the real QEMU are parallel developments of QEMU; and not a literal fork. Yet.

At work we had 7 servers all running with (on average) under 10% utilisation. Needless to say that is chewing through power and hardware in ways that we don’t need to as a NFP. Anyway we recently got two new servers so I’ve been virtualising the 7 down to 2. I’ll post the write up I’m preparing for LOGIN when it’s done which will details the howto information.

As mentioned before in Next G over LAN my phone line has a high signal attenuation, too high for me to get ADSL. Essentially this means there is too much copper cable between the exchange and my house. I need some form of broadband at home so I turned to wireless. The 3G HSDPA [...]]]>

As mentioned before in Next G over LAN my phone line has a high signal attenuation, too high for me to get ADSL. Essentially this means there is too much copper cable between the exchange and my house. I need some form of broadband at home so I turned to wireless. The 3G HSDPA networks provide the speed I need, and the UTMS 850Mhz network from Telstra (i.e. Next G) has coverage for where I live. So I’m using Next G for home internet.

Recently there have been several questions how I got this working. This post goes through the steps in more detail. In fact I reinstalled SmoothWall myself last night to upgrade to the official version 3.0 release so I wrote this as I went.

UPDATE JUNE 2009: See comments about using the “Option Driver” instead of Airprime – Airprime is, since 2.6.27, deprecated. The Option Driver does not require patching.

At home Prue and I have two laptops, a media server, and a few other random computers that I sometimes use. In any given time at least two computers will want access to the internet. With a typical Ethernet router this wouldn’t matter the router would NAT both computers and let them share the connection. With a USB modem only one computer can be connected at a time, because the modem can only be attached to one computer at a time. Unfortunately the only modems Telstra/Bigpond supply have USB connections.

SmoothWall is a custom Linux distribution that, in very basic terms, does the job of the Ethernet router. SmoothWall comes in two forms; a) the Express edition which is free; and b) a commercial version which is not. I am using the Express edition in this how-to. Using SmoothWall I can dial up my Next G connection and SmoothWall will perform NAT for all computers on the LAN. All that remains is to successfully configure SmoothWall to actually dial out over the USB modem.

Can it be done? Yes. Does it work out of the box? Sort of. As explained on http://quozl.netrek.org/bp3-usb/ the modem works with the usbserial kernel module but only at speeds of up to 60Kbps (kilobits) which is not much better than dial up. However the modem also works, and at full speed, with a patched version of the airprime module. There’s a catch: firstly the airprime module is not compiled into the SmoothWall kernel by default so the kernel must be recompiled, and even if it was, to patch the airprime module you would need to recompile your kernel. Compiling a kernel can be somewhat of a daunting prospect.

But, it certainly works. And for me speed wise; on average from a reliable server we get down speeds of 275KB/s (kilobytes) which is faster than standard 1.5Mbps ADSL and the E1 (2Mbps) link at work. With a recent firmware upgrade theoretical speeds should approach 3Mbps (~385Kbps) but I haven’t done the firmware upgrade so I can’t verify that. These figures of course will depend on the signal strength and the server you are accessing – the same can, generally, be said for ADSL.

Note: SmoothWall also has other features such as POP3 virus scanning, Intrusion Detection and a few other fancy bits and bobs. You can look at them in your own time.

On with the show: How to setup SmoothWall

What you need:

• A computer to run SmoothWall on: I am using an old P3 866 however, in the past, I have used P2 400′s and even 486 machines for LAN gateways. Keep in mind that for USB modems you need a USB port so a 486 might not be so great. You will also need a 5GB or greater hard drive that you are willing to format.
• A Maxon USB Modem: There are two options (see photos). Personally I use the blue powered device as it was slightly cheaper to buy, and from memory offered better plans. However we have several of the orange USB stick devices at work. They both work the same.
• SmoothWall Express 3.0 Developer Edition. You must get the Developer Edition – you need some of the tools that come with it.
• A copy of the Linux kernel source code (get the tar.bz2 it’s smaller).
• Some experience with the Linux command line.
• I use vi for editing, SmoothWall doesn’t have anything else installed. I suggest learning the basics of vi now.
• Time and Patience! Work through this at a comfortable pace. Ignoring the kernel compile (which takes a long time on older computers) I can setup a box in a little under 40 minutes. Don’t try and match my pace, learn what you are doing.
• Read some of the quick introductions to SmoothWall. Pay close attention to what GREEN (safe), PURPLE (untrusted/wireless), ORANGE (dmz), and RED (internet/unsafe) networks are.
• A working internet connection is also useful.

Device Photos

Step 0: Preparation

1. Download SmoothWall Express 3.0 Developer Edition.
2. Burn the ISO as an image to a CD.
3. Put the burnt CD into your intended SmoothWall computer and power it up.
4. Note: You need to tell your computer to boot from CD; this is a bios setting.

Step 1a: Installing

1. A welcome screen will be displayed, hit enter/return to begin the install.
2. You should receive a few warning messages that your hard drive will be formatted. Press the OK buttons.
3. You will see a message about the drive being partitioned and then some file systems being created. Wait.
4. Once the file systems have been created SmoothWall will begin installing files. Once again: Wait.
5. When the Congratulations screen is displayed you can remove the CD and click OK. I’m assuming most people don’t have back up settings, as this is a first install, but if you do enter the disk and let SmoothWall do its thing. Otherwise select No.

Step 1b: Configuration

1. You keyboard layout is up to you, but I chose US; if you have a pound symbol UK is also an option.
2. Your machines Hostname is the name you want your SmoothWall computer to have on the LAN. I use smoothwall (the default) because that’s what best describes the machine, at least IMO.
3. I use an Open default security policy. Once again, choose something appropriate to your needs.
4. At the Network configuration menu choose: Network configuration type. Select “GREEN (RED is modem/ISDN)” unless you have a non-basic LAN, in which case you should have an idea which choice to make. For example: If you have an open wireless access point you may choose “GREEN + PURPLE (RED is modem/ISDN)” and make the PURPLE component be your wireless clients.
5. At the Network configuration menu choose: Drivers and card assignments. Select probe. When each card is detected assign it to a network interface (i.e. GREEN or PURPLE or ORANGE). I have one network card in my SmoothWall box which I assign as the GREEN interface.
6. At the Network configuration menu choose: Address settings. Configure the GREEN interface appropriately for your network. I use IP Address 192.168.1.5 with a Network Mask of 255.255.255.0.
7. If you chose a multiple network type (i.e. GREEN + PURPLE) repeat the above for each other interface. You may also need to manually probe for the extra network device using the Drivers and card assignments menu item. Don’t worry about DNS and Gateway settings. Next G essentially amounts to dial up – so these are provided/set at connection.
8. At the Section menu the only option we are concerned with is the DHCP server configuration. If you are running another DHCP server on your LAN (I am using my Ethernet router as a LAN switch it has a DHCP server) I recommend disabling it and using SmoothWall’s DHCP server. Or reconfigure your DHCP server to set clients default gateway to your SmoothWall IP.
9. In the DHCP server configuration check Enabled and then enter your desired values. If you have a small network the defaults should be fine.

When you’re ready select Finished.

Step 1c: Passwords

1. Select sensible passwords: a combination of upper and lower case, numbers, and punctuation is recommended. Of course the letter q will also work.
2. Don’t use the same password for the admin and root users. The admin password will be sent as plain text over your network when using the standard web interface (you can use ssl to mitigate this if you need/want).

Press OK to reboot the machine and watch while SmoothWall boots.

Step 2: The Hard Stuff

1. Get a copy of the Linux kernel source onto your SmoothWall computer. WinSCP is useful if you downloaded on a Windows machine, or plain scp if on a *nix OS. SCP uses SSH to transfer files across a network – so first you will need to enable SSH. Visit http://:81 in your browser login with your admin user name and password. Under Services->Remote Access check SSH and click save. Now you can access the box as root over ssh/scp. Note: The SSH port is 222 by default. If you wish to change that edit /usr/etc/sshd_config. I have changed mine with no ill effects but … I have no idea if that will break something.
2. Login as the root user.
3. Extract the kernel source:
   cd /usr/src
tar xjf /path/to/linux-2.6.22.9.tar.bz2 # replace with the appropriate version

4. Patch the kernel source:
   vi linux-2.6.22.9/drivers/usb/serial/airprime.c # replace with the appropriate version

   1. Quick word on vi: to insert text press i then type your text, when done hit esc. To save and exit: ZZ or :wq
   2. You want to add the line starting with a + (roughly line 22)
      { USB_DEVICE(0x0c88, 0x17da) }, /* Kyocera Wireless KPC650/Passport */
{ USB_DEVICE(0x1410, 0x1110) }, /* Novatel Wireless Merlin CDMA */
+ { USB_DEVICE(0x16d8, 0x6280) }, /* Maxon BP3-USB 3G Bigpond Telstra */
{ },

5. Configure the kernel
   cd linux-2.6.22.9 # replace with appropriate version
make menuconfig

   • Configuring a kernel is documented in many places I’m not going to duplicate that here.
   • There are a few things you definitely need to set though:
     • Networking->Networking Options->Network packet filtering framework (Netfilter)
       1. Say YES to everything under Core and IP Netfilter Configuration.
       2. It might not all be necessary but it saves working out what is.
     • Networking->Networking Options
       • Say YES to IP: advanced router
       • Say YES to IP: tunneling
       • Say YES to IP: TCP syncookie support
     • Device Drivers->Network device support
       • Make sure your device is selected.
       • Say YES to PPP (point-to-point) support
       • Say YES to everything that shows up below PPP support
     • Device Drivers->USB Support->USB Serial Converter support
       • Say YES to USB Serial Converter support
       • Say YES to USB AirPrime CDMA Wireless Driver
     • Optional: Under General give a local version append “nextg”
     • Optional: Turn off CPU Frequency Scaling if not supported/needed
   • There are many other kernel options you may want to investigate, but that should get you started.
   • You might want to consider making some parts into kernel modules (hit M instead of Y).
6. Save the config in a file called “.config” (without the quotes) and then compile. Note this will take some time:
   make
make modules_install

7. When the kernel has finished compiling
   cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.22.9-nextg
vi /etc/lilo.conf

   • You need to change the line
     default=SmoothWall
to
default=SW-NextG

   • Add the following two lines at the end (note the second should be intended i.e. hit the tab key)
     image=/boot/vmlinuz-2.6.22.9-nextg
label=SW-NextG

   • Save and run: lilo

• You MUST run: lilo – THIS IS IMPORTANT – Don’t reboot until lilo runs and exits without any errors.
• Reboot the computer: reboot
• On boot up you should see your new kernel selected in the boot menu (i.e. LILO’s menu). If something goes wrong and the kernel does not boot properly, hit the reset button and choose the old kernel from the boot menu. Once booted reconfigure your new kernel to resolve the problem(s) and try again. Remember each time you change the kernel image or /etc/lilo.conf you should run: lilo.

Step 3: Device Testing

• Once your new kernel is running login as root and run:
  dmesg | tail

• Plug in your USB modem and re-run the above, all going well you should see something like
  usb 1-2: new full speed USB device using uhci_hcd and address 2
usb 1-2: configuration #1 chosen from 1 choice
usbcore: registered new interface driver usbserial
drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
drivers/usb/serial/usb-serial.c: USB Serial Driver core
drivers/usb/serial/usb-serial.c: USB Serial support registered for airprime
airprime 1-2:1.0: airprime converter detected
usb 1-2: airprime converter now attached to ttyUSB0
usb 1-2: airprime converter now attached to ttyUSB1
usb 1-2: airprime converter now attached to ttyUSB2
airprime 1-2:1.1: airprime converter detected
usb 1-2: airprime converter now attached to ttyUSB3
usb 1-2: airprime converter now attached to ttyUSB4
usb 1-2: airprime converter now attached to ttyUSB5
airprime 1-2:1.2: airprime converter detected
usb 1-2: airprime converter now attached to ttyUSB6
usb 1-2: airprime converter now attached to ttyUSB7
usb 1-2: airprime converter now attached to ttyUSB8
usbcore: registered new interface driver airprime

• If you don’t get something like this make sure you patched properly and that you did select AirPrime when configuring the kernel. If still no luck after that then Google and email are your friends. I know, I know. That is indicative of Linux how-to material. However, I have, deliberately, left some big holes, big enough to drive a barn through, in the kernel compile section; there could be any number of reasons something went wrong.

Step 4: Patching SmoothWall Web Interface

• SmoothWall doesn’t really know about /dev/ttyUSB* devices, so we need to add them manually so we can configure through the web interface.
• There are two files I want to change: /httpd/cgi-bin/pppsetup.cgi and /usr/bin/smoothwall/writedhcp.pl. The first controls the PPP settings page. The second generates a DHCP config file. If you are not running DHCP Server on your SmoothWall computer then you can ignore the second file.
• Note: Don’t actually write the +/- characters: + is add this line; – is remove/replace this line
• vi /http/cgi-bin/pppsetup.cgi
  • Search (hint: hit / and then type the search string) for ttyS3
  • Change this line:
    - unless ($pppsettings{'COMPORT'} =~ /^(ttyS0|ttyS1|ttyS2|ttyS3|isdn1|isdn2|pppoe|adsl)$/) {
+ unless ($pppsettings{'COMPORT'} =~ /^(ttyS0|ttyS1|ttyS2|ttyS3|ttyUSB3|isdn1|isdn2|pppoe|adsl)$/) {

  • Add a line after this:
    selected{'COMPORT'}{'ttyS3'} = '';
+ selected{'COMPORT'}{'ttyUSB3'} = '';

  • Add a line after this:
    <option VALUE='ttyS3' $selected{'COMPORT'}{'ttyS3'}>$tr{'modem on com4'}
+ <option VALUE='ttyUSB3' $selected{'COMPORT'}{'ttyUSB3'}>NextG Wireless

• vi /usr/bin/smoothwall/writedhcp.pl
  • Search for max-lease-time and add after this:
    print FILE "\tmax-lease-time $maxleasetime;\n";
+ print FILE "\tauthoritative;\n";


Reboot the computer again.

Step 5: Configuring the Next G Dialer

1. Login to the web interface as admin again.
2. Under Services->Time check the Timezone and Time are correct.
3. Under the Maintenance menu select Passwords: Specify a password for the dial user. The dial user can connect / disconnect but not configure SmoothWall.
4. Create a new connecton: Networking->PPP
   Name: NextG
Interface: NextG Wireles
Number: *99#
Username: YOUR USERNAME
Password: YOUR PASSWORD
Method: PAP or CHAP

5. Do a test dial.
6. Fingers crossed after 5 seconds SmoothWall should come back saying you are connected.

All Done
You should now have a working SmoothWall Express Next G Gateway for your LAN. If something is not working I suggest adding the following to to /etc/ppp/options and then running tail -f /var/log/messages and watch what happens when you try and connect. I’ll try my best to respond to email queries but some problems can’t be solved without sitting down at the machine.
# Add to /etc/ppp/options to increase log file output
debug
dump


I hope this has been helpful.

I use a laptop as my primary computer at both work and home – and I like using Linux as a Desktop OS. However the one thing that has bugged me for many years is the difficulties experienced when attaching an external monitor. Today with the release of Xorg 7.3 there is support [...]]]>

I use a laptop as my primary computer at both work and home – and I like using Linux as a Desktop OS. However the one thing that has bugged me for many years is the difficulties experienced when attaching an external monitor. Today with the release of Xorg 7.3 there is support for hotplugging external monitors. Of course this is the first iteration of the support so, as they say, the proof will be in the pudding; but I have high hopes.

On a similar note the KDE 4.0-beta2 has been released. KDE 4.0 is looking to be very promising. All I need now is for yesterdays announcement about Linux ATI drivers and my on order hp8510p will look very nice – who needs functionality if your desktop looks pretty?

I’ve spent the last week or so comparing options for how I could share the new shiny NextG connection between the various computers that Prue and I have. The wireless modem has a usb connection, so it doesn’t really work well for a LAN. However with a little patience you can easily configure a Linux [...]]]>

I’ve spent the last week or so comparing options for how I could share the new shiny NextG connection between the various computers that Prue and I have. The wireless modem has a usb connection, so it doesn’t really work well for a LAN. However with a little patience you can easily configure a Linux gateway and firewall machine to dial up the modem and then perform NAT just like any ADSL router would. In fact this is how I shared ADSL way back in 2001 when routers were expensive.

Initially that is all I did, installed Ubuntu 7.04 and ran pppd manually, however that isn’t exactly a Prue friendly option. But it was a proof that one can connect Linux to the NextG network. I followed the instructions here, essentially you:

1. Patch the airprime driver in the kernel source and compile a new kernel.
2. Restart your machine and load the airprime module – I actually compiled it into the kernel and not as a module but feel free to do which ever way suits you.
3. Configure a ppp dialing profile called NextGWireless (you can choose any name you like). I used pppconfig. It is all fairly straight forward just make sure you choose CHAP authentication and use /dev/ttyUSB3 as the device. PAP won’t finalise the connection and chat just doesn’t connect full stop.
4. Issue the command: pon NextGWireless dump nodetach
5. Your NextG connection should be up and running swap to another console login and test. Swap back to the original console and Ctrl+C the pon command to kill off the connection. Later you can connect with pon NextGWireless and then run poff to disconnect.

That worked and the speeds were reasonable. But as mentioned Prue isn’t exactly a Linux shell junkie. So I decided to investigate some of the packages that are browser interface driven. I have looked at four different options:

1. Webmin – talking to the original Ubuntu install.
2. eBox – a customised Debian distribution.
3. Smoothwall – gateway and firewall distribution.
4. IPCop – a fork of Smoothwall but essentially the same thing.

I can’t really pass judgment on Webmin as this was the first package I tried and always intended to blow it away to try the others. So if you are familiar with Webmin (which I am not) then it may suit your needs. I also needed to be able to invoke the ppp session from the browser interface, it was not immediately clear if I could do that with Webmin, but I wouldn’t be surprised if you can.

Each of the others I have “tried” and at the end of the day I am running SmoothWall Express 3.0-degu-i386. Note: Smoothwall 3 is beta. I am also running the Developer edition because the kernel needs to be recompiled after patching the airprime driver. I also needed to modify some of the Smoothwall interface code to recognise a USB modem.

IPCop was fairly promising – it and Smoothwall have a lot in common still – however IPCop only comes with a 2.4 version of the Linux kernel which supports neither the usbserial or airprime drivers nor were any compilers or development tools installed to build a 2.6 kernel. And that is not even touching the issues with migrating from 2.4 to 2.6 – which from memory were pretty weird , but that is going back to when 2.5 was being developed.

eBox was promising, the interface is very schmick and the usbserial driver works out of the box. Unfortunately eBox had issues I could not resolve. Firstly you have to manually dial the connection from the shell – at this stage I was willing to teach Prue how to do that. And secondly airprime needed to be patched and the kernel recompiled, which I did, but I could not get it to boot properly. Besides being stuck using the usbserial driver (which limits connection speed to 60KB/s due to the data transfer architecture used) I had problems with the eBox firewall and proxy. I could not access GMail and other random sites for example slashdot worked but digg.com didn’t, works website was accessible but not the Linux server running ssh (even from a console on the eBox machine). I tried disabling all the content filtering and proxying and then nothing worked.

If I was on a cabled connection and needed to filter content eBox would have been superb, but for my needs it is still a little kludgey. I intend to check back with eBox in a few years as it definitely shows promise.

Onto Smoothwall. I tried version 2 – its a no goer only has a 2.4 kernel and upgrades were pretty much out of the question. Which left me with using the version 3 beta. Personally I don’t mind using beta software and in this case I wouldn’t really call it beta as in “unstable” but beta as in “still being feature refined”. Anyway, as I said earlier I downloaded the Developer edition of Smoothwall Express (it’s free as opposed to the other versions), installed, and rebooted. Note: Choose GREEN (modem / ISDN is RED) as the network.

I already had a copy of the 2.6.22 kernel source code so I used WinSCP to copy the source tar ball to the new Smoothwall machine, logged in with ssh, performed the airprime patch, configured, compiled, updated lilo.conf, ran lilo (IMPORTANT: you must run lilo before rebooting when you update your lilo.conf file), and rebooted. Around 30 seconds later I had a working machine which recogised the wireless modem and I could dial using /dev/ttyUSB3 (as above).

Now the fun starts. Unfortunately after getting all of the above done I discovered that Smoothwall doesn’t really look for USB modems which almost made me cry, everything else worked wonderfully. Fortunately Smoothwall is more or less a GPL product and the web interface is perl cgi code. There are two modifications I made: 1) Updated pppsetup to allow for USB modems; and 2) Updated DHCP to be authoritative for the range.

Using the web interface enable ssh access and then ssh into the Smoothwall machine, remember to use port 222 when connecting.

1) Edit /httpd/cgi-bin/pppsetup.cgi – Everywhere you see ttyS3 put an identical line but use ttyUSB3. Except where you read $tr{‘modem on com*’} replace that with: NextG Modem

2) Edit /usr/bin/smoothwall/writedhcp.pl – Add the line: print FILE "\tauthoritative;\n"; after the line which prints out max-lease-time roughly line 130.

Now go back to your Smoothwall web interface and configure your connection to dial on the USB modem: Same settings as before and use PAP or CHAP as the authentication method. If you then go back to the control panel on the home page and hit connect it should dial and Smoothwall will manage the firewall changes and everything.

That’s all there is. Plug your Smoothwall box into a LAN switch and connect your other machines to it. Set the Smoothwall IP as the gateway address for your network and you should be able to access the internet from any machine. You can also enable the DHCP server on Smoothwall and it will tell machines automatically.

I know that the above is pretty raw, so if you are reading this and have questions please ask them.

I just completed a set of speed tests to include here
Download: 1510kbps average, 1913kbps peak (which is faster than the old wired connection)
Upload: 105kbps average, 175kbps peak (which is a little lower than the 384kbps specified but I don’t really mind, I’m not going to be uploading much since uploads are counted traffic)

Performance wise I’m happy and Prue has demonstrated herself capable of hitting the web interface, logging into Smoothwall as the dial user and clicking the connect button. So its a win win. And honestly I’ve enjoyed the new toy, it’s sad not having the cheap cabled competitive prices, but this is kind of fun too.

The servers here at work run a version of Windows Server. While personally I’m not a fan of running Windows as a server OS, working in a team, means working in a team. Anyway, there is considerable machine and network load with the current infrastructure, which we are fixing. New servers, reorganise the LAN a [...]]]>

The servers here at work run a version of Windows Server. While personally I’m not a fan of running Windows as a server OS, working in a team, means working in a team. Anyway, there is considerable machine and network load with the current infrastructure, which we are fixing. New servers, reorganise the LAN a bit, allocate resources across more machines. All fairly generic. This post is about postfix though.

The current mail server has a per-user license cost and the spam and virus filtering is labour intensive. My preference would be to run Postfix with Spamassasin and ClamAV under Linux, as described (for starters): here and here. Unfortunately, at least in this instance, postifx doesn’t run under Windows. We would like to get away from paying the licensing costs, so I decided to see if I could run postfix and a Windows server concrurrently.

I should probably point out at this junction that I have no idea how high a mail load this option can really work for, nor do I feel like spaming myself to see. If you are running a mail server with thousands of customers then either learn to administer *nix, or, find a mail server that runs under Windows.

QEMU is a generic and open source machine emulator and virtualizer which will run linux as an emulated OS with near native speeds for the physical hardware. So, the plan is: to setup qemu running under Windows and install a guest Linux version and then setup postfix on the guest.

1. You can get QEMU for Windows from here. You should also download the kqemu accelerator (note this is a tar.gz file 7-zip or WinRAR are your friends).
2. Extract the QEMU zip file to some directory, I used C:\qemu but you can choose anything.
3. Extract the accelerator archive and find the kqemu.inf file; right-click it and select install. Note: If you are running Vista (like me on the laptop where I set this up for testing) then this will not work. You need to do some other stuff: Download this inf file and also get this registry fix. Copy the inf file into the kqemu accelerator directory and do the right-click install. Then import the registry fix into your registry. Restart if you feel the need. These fixes come from the QEMU Forum.
4. You need to start the kqemu accelerator service before running qemu: net start kqemu will do that. Once again Vista is different. The command is the same but it must be run from a console window acting as administrator. Right-click on the command prompt icon and select “Run as administrator”.
5. QEMU is now ready to be used.
6. Download any ISO image(s) you need to install the distribution of Linux you want to run.
7. Create a disk image: qemu-img.exe create -f qcow2 postfix.img 5G (create a 5G disk with the qcow2 qemu file system).
8. To start qemu change to the qemu directory and run: qemu.exe -L . -cdrom C:\qemu\install.iso -boot d -hda postfix.img -net nic,vlan=1 -net user,vlan=1 -kernel-kqemu.
9. Work through the install of the selected distribution. You should also now work through the either of the two postfix virtual mail host setups linked above.
10. When you have finished installing and are ready to reboot: qemu.exe -L . -hda postfix.img -kernel-kqemu -net nic,vlan=1 -net user,vlan=1 -tcp 25:10.0.2.15:25 – this will forward all incoming connections to the host on port 25 to port 25 on the guest. XP/Vista will ask you to confirm that you want to allow the port to be used make sure you allow it.

That should be it. In all honesty the setup I will be deploying if this path is chosen will probably use SQLite running inside the virtual machine and storing the mail outside via a network share or similiar. Or since there are database servers running on the LAN pointing postfix to them across the network. Do not feel limited to the constraints of the virtual host mail setups.

If you try this please note that the network proxying done by qemu (at least the way described above) only supports TCP and UDP packets. So, for example, you will not be able to ping the outside world, but hey, it’s running under another host os where that will still work.

If you try this out yourself or have some extra ideas to improve performance feel free to leave a comment. If we decide to actually implement this for a live system I will do some benchmarking for performance and write more about it then.