More specialty Linuxes to the rescue
25 February, 2009 08:19
Defining rules for packet shaping is a little more involved and requires an understanding of entities m0n0wall refers to as "pipes" and "queues." Basically, a pipe is a restriction on bandwidth. A queue lets you specify how "flows" -- packets with a common characteristic, such as the same source IP address -- share that bandwidth. The online documentation points to a short essay on the subject, which is worth reading before you try your hand at building shaping rules.
The creators of m0n0wall envisioned a straightforward firewall system and therefore deliberately kept the distribution small. Currently, m0n0wall can fit on a 16MB CompactFlash card. This means that some facilities have been omitted. For example, you won't find a proxy server, intrusion detection, an FTP server, a Web server, and so forth. On a m0n0wall-protected intranet, such services would run on separate hardware.
Nevertheless, m0n0wall's simplicity is its strength. It is easy to set up and maintain. Documentation boasts setup times of less than 15 minutes, which is about how long it took me.
OpenFiler is a SAN/NAS appliance based on rPath Linux. According to its creator, OpenFiler actually began life atop Fedora Linux, moved to CentOS, and finally settled on rPath, attracted by that Linux's impressive package-management environment. OpenFiler can operate at either the SAN or NAS level -- or both simultaneously.
OpenFiler's feature set is impressive. It provides drivers for a wide array of peripheral busses: It can talk to disk drives on IDE, SAS, SATA, SCSI, or iSCSI interfaces. If you need RAID, OpenFiler is compatible with hardware from Adaptec, LSI Logic, Intel, and others. Further, it can handle file systems up to 60TB in size. Its supported Ethernet controllers include Fast, Gigabit, and 10 Gigabit controllers from Intel and Broadcom. In spite of these bounteous capabilities, its actual processor and memory requirements are modest. A standard x86 system with 256MB of RAM, 1GB of disk space for the OS image, and at least one Ethernet card is all you need to get going.
There's not much to see in the console when you boot an OpenFiler system. You can log in to the console or through SSH and execute Linux commands in case you need to modify boot scripts and configuration files. But as with m0n0wall and IPCop, management of OpenFiler is through the administration GUI hosted on a built-in Web server. (If you need access to shell commands, the GUI provides a secure shell terminal via a Java applet.)
The tabbed administration GUI leads you to sections wherein you can configure several components. Among them are users and groups. This requires you to select either LDAP or Windows as the authentication system. If you don't have a Windows server available, OpenFiler comes with the open source OpenLDAP server.