|
Size: 5427
Comment: amend gateway setup related instructions
|
Size: 5759
Comment: improve gateway setup related instructions
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 65: | Line 65: |
| sed -i '/post-up/d' /etc/network/interfaces | |
| Line 66: | Line 67: |
| echo 'dns-nameservers 10.0.2.2' >> /etc/network/interfaces echo 'dns-domain intern' >> /etc/network/interfaces |
|
| Line 68: | Line 71: |
| rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert |
rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert rm -f /etc/network/if-up.d/wpad-proxy-update sed -i 's/domain-name,//' /etc/dhcp/dhclient-debian-edu.conf sed -i 's/domain-search,//' /etc/dhcp/dhclient-debian-edu.conf |
| Line 73: | Line 79: |
| sed -i 's#NAT=#NAT="10.0.0.0/8"#' /etc/default/enable-nat | sed -i 's#NAT=#NAT="10.0.0.0/8"#' /etc/default/enable-nat |
Requirements
Contents
There are different ways of setting up a Skolelinux solution. It can be installed on just one standalone PC, or as a region-wide solution at many schools operated centrally. This flexibility makes a huge difference to the configuration of network components, servers and client machines.
Hardware requirements
The purpose of the different profiles is explained in the network architecture chapter.
If LTSP is intended to be used, take a look at the LTSP Hardware Requirements wiki page.
- The computers running Debian Edu / Skolelinux must have either 32 bit (Debian architecture 'i386', oldest supported processors are 686 class ones) or 64 bit (Debian architecture 'amd64') x86 processors.
- Thin clients with only 256 MiB RAM and 400 MHz are possible, though more RAM and faster processors are recommended.
For workstations, diskless workstations and standalone systems, 1500 MHz and 1024 MiB RAM are the absolute minimum requirements. For running modern webbrowsers and LibreOffice at least 2048 MiB RAM is recommended.
- The minimum disk space requirements depend on the profile which is installed:
- combined main server + LTSP server: 60 GiB (plus additional space for user accounts).
- LTSP server: 40 GiB.
- workstation or standalone: 30 GiB.
- LTSP servers need two network cards when using the default network architecture:
- eth0 is connected to the main network (10.0.0.0/8),
- eth1 is used for serving LTSP clients.
- Laptops are movable workstations, so they have the same requirements as workstations.
Hardware known to work
A list of tested hardware is provided at https://wiki.debian.org/DebianEdu/Hardware/ . This list is not nearly complete 
https://wiki.debian.org/InstallingDebianOn is an effort to document how to install, configure and use Debian on some specific hardware, allowing potential buyers to know if that hardware is supported and existing owners to know how get the best out of that hardware.
Requirements for network setup
Default Setup
When using the default network architecture, these rules apply:
- You need exactly one main server, the tjener.
- You can have hundreds of workstations on the main network.
- You can have a lot of LTSP servers on the main network; two different subnets are preconfigured (DNS, DHCP) in LDAP, more can be added.
- You can have hundreds of thin clients and/or diskless workstations on each LTSP server network.
- You can have hundreds of other machines which will have dynamic IP addresses assigned.
- For access to the Internet you need a router/gateway (see below).
Internet router
A router/gateway, connected to the Internet on the external interface and running on the IP address 10.0.0.1 with netmask 255.0.0.0 on the internal interface, is needed to connect to the Internet.
The router should not run a DHCP server, it can run a DNS server, though this is not needed and will not be used.
In case you already have a router but are unable to configure it as needed (eg because you are not allowed to do so, or for technical reasons), an older computer with two network interfaces can be turned into a gateway between the existing network and the Debian Edu one.
A simple way is to install Debian Edu on this computer; select 'Minimal' as profile during installation.
After the installation:
- Adjust the /etc/network/interfaces file.
- Change the hostname permanently to 'gateway'.
- Remove superfluous scripts.
- Enable IP forwarding and NAT for the 10.0.0.0/8 network.
- As an option install a firewall and / or a traffic shaping tool.
#!/bin/sh # Turn a system with profile 'Minimal' into a gateway/firewall. # sed -i 's/auto eth0/auto eth0 eth1/' /etc/network/interfaces sed -i '/eth1/ s/dhcp/static/' /etc/network/interfaces sed -i '/post-up/d' /etc/network/interfaces echo 'address 10.0.0.1' >> /etc/network/interfaces echo 'dns-nameservers 10.0.2.2' >> /etc/network/interfaces echo 'dns-domain intern' >> /etc/network/interfaces hostname -b gateway hostname > /etc/hostname rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert rm -f /etc/network/if-up.d/wpad-proxy-update sed -i 's/domain-name,//' /etc/dhcp/dhclient-debian-edu.conf sed -i 's/domain-search,//' /etc/dhcp/dhclient-debian-edu.conf service networking stop service networking start sed -i 's#NAT=#NAT="10.0.0.0/8"#' /etc/default/enable-nat service enable-nat restart # You might want a firewall (shorewall or ufw) and traffic shaping. #apt update #apt install shorewall # or #apt install ufw #apt install wondershaper
If you need something for an embedded router or accesspoint we recommend using OpenWRT, though of course you can also use the original firmware. Using the original firmware is easier; using OpenWRT gives you more choices and control. Check the OpenWRT webpages for a list of supported hardware.
It is possible to use a different network setup (there is a documented procedure to do this), but if you are not forced to do this by an existing network infrastructure, we recommend against doing so and recommend you stay with the default network architecture.