Differences between revisions 6 and 7
Revision 6 as of 2020-04-15 16:11:53
Size: 5427
Editor: ?WolfgangSchweer
Comment: amend gateway setup related instructions
Revision 7 as of 2020-04-16 20:36:51
Size: 5759
Editor: ?WolfgangSchweer
Comment: improve gateway setup related instructions
Deletions are marked like this. Additions are marked like this.
Line 65: Line 65:
 sed -i '/post-up/d' /etc/network/interfaces
Line 66: Line 67:
 echo 'dns-nameservers' >> /etc/network/interfaces
 echo 'dns-domain intern' >> /etc/network/interfaces
Line 68: Line 71:
 rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname 
 rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update 
 rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert 
 rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname
 rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
 rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert
 rm -f /etc/network/if-up.d/wpad-proxy-update
 sed -i 's/domain-name,//' /etc/dhcp/dhclient-debian-edu.conf
 sed -i 's/domain-search,//' /etc/dhcp/dhclient-debian-edu.conf
Line 73: Line 79:
 sed -i 's#NAT=#NAT=""#' /etc/default/enable-nat   sed -i 's#NAT=#NAT=""#' /etc/default/enable-nat


There are different ways of setting up a Skolelinux solution. It can be installed on just one standalone PC, or as a region-wide solution at many schools operated centrally. This flexibility makes a huge difference to the configuration of network components, servers and client machines.

Hardware requirements

The purpose of the different profiles is explained in the network architecture chapter.

(!) If LTSP is intended to be used, take a look at the LTSP Hardware Requirements wiki page.

  • The computers running Debian Edu / Skolelinux must have either 32 bit (Debian architecture 'i386', oldest supported processors are 686 class ones) or 64 bit (Debian architecture 'amd64') x86 processors.
  • Thin clients with only 256 MiB RAM and 400 MHz are possible, though more RAM and faster processors are recommended.
  • For workstations, diskless workstations and standalone systems, 1500 MHz and 1024 MiB RAM are the absolute minimum requirements. For running modern webbrowsers and LibreOffice at least 2048 MiB RAM is recommended.

  • The minimum disk space requirements depend on the profile which is installed:
    • combined main server + LTSP server: 60 GiB (plus additional space for user accounts).
    • LTSP server: 40 GiB.
    • workstation or standalone: 30 GiB.
  • LTSP servers need two network cards when using the default network architecture:
    • eth0 is connected to the main network (,
    • eth1 is used for serving LTSP clients.
  • Laptops are movable workstations, so they have the same requirements as workstations.

Hardware known to work

A list of tested hardware is provided at https://wiki.debian.org/DebianEdu/Hardware/ . This list is not nearly complete :)

https://wiki.debian.org/InstallingDebianOn is an effort to document how to install, configure and use Debian on some specific hardware, allowing potential buyers to know if that hardware is supported and existing owners to know how get the best out of that hardware.

Requirements for network setup

Default Setup

When using the default network architecture, these rules apply:

  • You need exactly one main server, the tjener.
  • You can have hundreds of workstations on the main network.
  • You can have a lot of LTSP servers on the main network; two different subnets are preconfigured (DNS, DHCP) in LDAP, more can be added.
  • You can have hundreds of thin clients and/or diskless workstations on each LTSP server network.
  • You can have hundreds of other machines which will have dynamic IP addresses assigned.
  • For access to the Internet you need a router/gateway (see below).

Internet router

A router/gateway, connected to the Internet on the external interface and running on the IP address with netmask on the internal interface, is needed to connect to the Internet.

The router should not run a DHCP server, it can run a DNS server, though this is not needed and will not be used.

In case you already have a router but are unable to configure it as needed (eg because you are not allowed to do so, or for technical reasons), an older computer with two network interfaces can be turned into a gateway between the existing network and the Debian Edu one.

A simple way is to install Debian Edu on this computer; select 'Minimal' as profile during installation.

After the installation:

  • Adjust the /etc/network/interfaces file.
  • Change the hostname permanently to 'gateway'.
  • Remove superfluous scripts.
  • Enable IP forwarding and NAT for the network.
  • As an option install a firewall and / or a traffic shaping tool.

 # Turn a system with profile 'Minimal' into a gateway/firewall. 
 sed -i 's/auto eth0/auto eth0 eth1/' /etc/network/interfaces
 sed -i '/eth1/ s/dhcp/static/' /etc/network/interfaces
 sed -i '/post-up/d' /etc/network/interfaces
 echo 'address' >> /etc/network/interfaces
 echo 'dns-nameservers' >> /etc/network/interfaces
 echo 'dns-domain intern' >> /etc/network/interfaces
 hostname -b gateway
 hostname > /etc/hostname
 rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname
 rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
 rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert
 rm -f /etc/network/if-up.d/wpad-proxy-update
 sed -i 's/domain-name,//' /etc/dhcp/dhclient-debian-edu.conf
 sed -i 's/domain-search,//' /etc/dhcp/dhclient-debian-edu.conf
 service networking stop
 service networking start
 sed -i 's#NAT=#NAT=""#' /etc/default/enable-nat
 service enable-nat restart
 # You might want a firewall (shorewall or ufw) and traffic shaping.
 #apt update
 #apt install shorewall
 # or
 #apt install ufw
 #apt install wondershaper  

If you need something for an embedded router or accesspoint we recommend using OpenWRT, though of course you can also use the original firmware. Using the original firmware is easier; using OpenWRT gives you more choices and control. Check the OpenWRT webpages for a list of supported hardware.

It is possible to use a different network setup (there is a documented procedure to do this), but if you are not forced to do this by an existing network infrastructure, we recommend against doing so and recommend you stay with the default network architecture.