[IOML] Life in the Isle of Man LUG?

Dylan Smith dyls at alioth.net
Tue Jan 27 21:38:52 GMT 2004


Hi all,

Long time since there's been any messages...I do note there's quite a bit
of recent Linux interest on the manx.net forums though, so I guess I'm not
the only Linux user left here :-)

So for the first message of 2004, some fun things I've done with Linux in
2003...

1. User Mode Linux - i.e. virtualization. I changed the organization of my
server a bit, mainly to help in terms of security. I've turned one
physical box into a virtual network. A bit like IBM does with LPARs on VM
mainframes, just on a small scale.

I split the box into five separate User Mode Linux instances. The host
system does nothing but run these and route network traffic to/from them
(each UML has a public IP address) and act as a firewall. Four of the
virtual machines are 'production' (one is a web server, the other does
shell and SMTP, another is a DNS server, and the fourth is a
differently-configured webserver to allow FrontPage extensions (which I
wanted to keep separate from everyone else). The fifth is for testing and
trying to break).
The challenge is that two of the virtual machines need to share a file
system. The only way to do this seems to be using NFS at the moment
unfortunately. I'd prefer something a little lighter weight, especially
since the two machines share the same piece of hardware.

An unexpected benefit was that when the web server VM got Slashdotted (not
by Slashdot, but by a pilot's union members all simultaneously hitting a
dynamic site at the same time), the shell and DNS VMs remained responsive.
In the old, all-on-one setup, when there were 200 Apache instances, your
shell would be completely starved of resources (indeed, you couldn't log
in to see whether the machine had crashed!)

There are some overheads to splitting the physical box this way, but they
seem worth it. (I've since persuaded the pilot's union to go for a
dedicated server rather than a shared system so they get all the CPU time
to themselves, and they need it! Also, the site's developer has done a lot
of work making the scripts less CPU-heavy).

2. IPv6. My sites are now all IPv6 enabled. The servers run Debian, and it
required adding the IPv6 Debian project to apt.sources, then an apt-get
update/upgrade to get the IPv6 enabled versions of Apache, ssh etc.

I had some weirdness at home when setting up IPv6. My server network works
perfectly, but my home network doesn't. My machines all have unique IPv6
addresses, and access to the IPv6 internet via the BTexact tunnel broker,
my current ADSL system running as the IPv6 router (as well as IPv4 NAT
box). The weirdness comes that from my workstation, although I can ssh or
browse across IPv6 fine, ping6 fails with 'Destination host unreachable'
if I try to ping the router or an external machine. Traceroute6 fails in
the same way. However, from the router, I can ping6 my workstation! I'm
wondering if my cheap-o Netgear switch might have anything to do with
this.

3. Games. I'm far too addicted to RTCW:ET which runs great under Linux. I
had a dream about disarming landmines the other night.

4. Living with OpenBSD. I've also tried the BSD world. I've found that
OpenBSD makes a fine border security system. OpenBSD's documentation is
something that Linux should try and live up to - I could understand pf and
pf.conf by reading the manpage and I didn't have to dive for HOWTOs or
Google Groups to try and figure out what to do.

With that said, I think we really are due another IOMLUG beerfest^W meet
soon.

-- 
Dylan Smith, Port St Mary, Isle of Man    | Code fast, crash young and
Flying: http://www.dylansmith.net         | leave a beautiful core.
FFE/Elite Universe: http://www.alioth.net |             -- JK (#afe)



