Suggestions on where to start.
- 2014-01-15
Hello, I'd just like to say that Alpine is pretty awesome in terms of how you guys do package management. Everything works well on that side and I am pleasantly surprised by that :). So many distros you end up in a war with the package manager, I can tell apk is put together well and that will not happen.
I am not really new to Linux (my website is http://cuttingedgelinux.com and I have a YouTube channel) but I am pretty new to Linux Networking and I am starting a personal project. One reason is to learn so I am no longer a newbie to Linux Networking, another is because I recently got a job that allows me a great deal of freedom and I would like to maximize the usage of this freedom through creating my own network. I work security at a college and I am allowed to access their internal network on my downtime for entertainment or other work.
I bought an Acer C7 Chromebook as the client. The RAM has already been upgraded to 6GB from 2GB and the SSD will soon be updated to 120GB from 16GB so I can run a crouton chroot or possibly in the future replace Chrome OS with a Linux version of some variety, depending on how much I like the chroot switching setup.
Here are some of the things I am looking to set up in a VirtualBox network. I would like your opinion on the best place to start in terms of both software and NIC setup. Extra suggestions of things that come to mind and may be useful are also welcome.
I'll start with the things I'd like Alpine to do and then move on to tasks separate boxes will do.
1) Squid Proxy Server (not sure if transparent or not is the most appropriate), I would also like access to this service on my home LAN to speed up things such as updating my other distros. I've done a remix of my distro and not having to redownload the software every time I do an ISO build would be very useful, this I also do in a vbox instance.
2) My own cloud - Would be nice to have my own cloud for personal use only. :)
3) A VPN of some sort, I've done a little bit of research on this and I think freelan is the best alternative because it is entirely browser based as a client, this means even if I am simply using Chrome OS I can connect. I know this does not come in Alpine by default but it is supposed to be pretty easy to compile anyways.
4) A Firewall - Security is important and I am not too experienced with Linux Firewalls, I can make a router do pretty much anything I want though. I'd like to expand this limited knowledge into something more useful, acf and awall seem interesting but the documentation for setup on both is relatively lacking at the moment. In your opinion what would be the best firewall solution for me?
Next are the other machines on the network, these probably won't be running Alpine.
1) An IRC box running Quassel or Weechat to allow relay so I can securely connect to IRC at work. This may be able to be put on the Alpine box depending on if I can get Weechat working correctly with the relay and qweechat, I have not been able to yet. Both ends say connected but it does not actually do anything for me, the lighter alternative is more desirable but I will use the heavier solution if I just cannot get the lighter solution to work.
2) At least one production environment for working on my remix(s) while at work, currently it is one but I have been thinking of expanding it to more recently. Connecting to these via RDP is relatively simple in vbox, you just give it a remote port and you are good to go. Would using RDP on the distro be a better solution for this setup or I suppose I could have some firewalling rules to forward some ports back onto the lan and the host through the bridge to utilize the vbox setup.
Onto the actual networking portion, I think it is appropriate to have Alpine be the DMZ since it is running the majority of the services and all traffic is already going to be hitting it. Of course I want to forward ports here and there where needed.
The production boxes are going to be on a network of their own and separate from other traffic, they do not need access to the other side of the network where the IRC box is and the IRC box should not have access to them. They should access the Proxy and pull already downloaded packages from there though, as should the other machines on my network.
I am thinking the proper NIC solution is something of this sort: NIC 1 Bridge to the outside world. NIC 2 - Production Network. NIC 3 - Other services such as IRC and whatever else I come up with at a later time that would be useful and requires access from the outside world.
I tried smoothwall and I had nothing but issues with it. Someone suggested having a fourth NIC in place there but to me for networking conventions it does not necessarily make sense where it did in SWE because it seems to operate on its own set of rules. I was going to end up having Alpine as the DMZ there as well.
Thank you in advance for your assistance, I'll probably need a bunch of it. But through your help in this project I will do my best to give back and help make Alpine more known, popular and something users want to use as a better solution to the 'easy' stuff that actually makes it more difficult like smoothwall. I think something like this would be an interesting topic for some articles/videos once it is completed. Perhaps helping out on the wiki as well if I have the time.
Hello edge226,
this is a belated reply, sorry.
1) For Squid just take a look at http://wiki.alpinelinux.org/wiki/Setting_up_Transparent_Squid_Proxy and http://wiki.alpinelinux.org/wiki/Setting_up_Explicit_Squid_Proxy
2) Presumably you mean OwnCloud? http://wiki.alpinelinux.org/wiki/OwnCloud
3) Freeswan seems fairly popular, but I've not had time to experiment with VPNs yet.
4) Why not try AWall? http://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall and http://wiki.alpinelinux.org/wiki/Alpine_Wall and http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide - this is something else I've not got around to testing yet!
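
The three-NIC layout from the question (outside bridge, production network, services network, with the two internal networks isolated from each other but both allowed to reach the Squid proxy on the Alpine box) could be written as an Alpine Wall policy along these lines. This is an added example, not part of either post and not tested by the posters; the interface names `eth0`/`eth1`/`eth2`, the zone names and the use of Squid's default port 3128 are assumptions.

```json
{
  "description": "Constructed example: three-zone policy for the layout in this thread (interface and zone names are assumptions)",

  "zone": {
    "WAN":  { "iface": "eth0" },
    "PROD": { "iface": "eth1" },
    "SVC":  { "iface": "eth2" }
  },

  "service": {
    "squid": { "proto": "tcp", "port": 3128 }
  },

  "policy": [
    { "in": "WAN", "action": "drop" },
    { "in": "PROD", "out": "SVC", "action": "drop" },
    { "in": "SVC", "out": "PROD", "action": "drop" },
    { "in": "PROD", "out": "WAN", "action": "accept" },
    { "in": "SVC", "out": "WAN", "action": "accept" },
    { "out": "_fw", "action": "drop" },
    { "in": "_fw", "action": "accept" }
  ],

  "filter": [
    { "in": "PROD", "out": "_fw", "service": "squid", "action": "accept" },
    { "in": "SVC", "out": "_fw", "service": "squid", "action": "accept" }
  ],

  "snat": [
    { "out": "WAN" }
  ]
}
```

Saved under `/etc/awall/optional/` with a name of your choosing, a policy like this is switched on with `awall enable <name>` followed by `awall activate`. Any port forwarded in from the outside would need its own explicit rule, since everything arriving from WAN is dropped by default here.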