explain the gateway's use case in a more detailed way.
tell this case better from the previous one.
|Deletions are marked like this.||Additions are marked like this.|
|Line 48:||Line 48:|
|The router should not run a DHCP server, it can run a DNS server, though this is not needed and will not be used.
|Line 77:||Line 79:|
|The router should not run a DHCP server, it can run a DNS server, though this is not needed and will not be used.|
|Line 79:||Line 80:|
|If you are looking for a router firewall solution capable of running on an old PC, we recommend [[http://www.ipcop.org|IPCop]] or [[http://www.zelow.no/floppyfw|floppyfw]].||In case you are looking for a complete router firewall solution capable of running on an old PC, we recommend [[http://www.ipcop.org|IPCop]] or [[http://www.zelow.no/floppyfw|floppyfw]].|
There are different ways of setting up a Skolelinux solution. It can be installed on just one standalone PC, or as a region-wide solution at many schools operated centrally. This flexibility makes a huge difference to the configuration of network components, servers and client machines.
The purpose of the different profiles is explained in the network architecture chapter.
- The computers running Debian Edu / Skolelinux must have either 32 bit (Debian architecture 'i386', oldest supported processors are 686 class ones) or 64 bit (Debian architecture 'amd64') x86 processors.
- At least 2 GiB RAM for 30 clients and 4 GiB RAM for 50-60 clients are recommended for the main and LTSP server profiles.
- Thin clients with only 64 MiB RAM and 133 MHz on 32 bit processors are possible, though 256 MiB RAM or more and faster processors are recommended.
Swapping over the network is automatically enabled for LTSP clients; the swap size is 512 MiB, and if you need more you can tune this by editing /etc/ltsp/nbdswapd.conf on tjener to set the SIZE variable.
- If your diskless workstations have hard drives, it is recommended to use them for swap as it is a lot faster than network swapping.
For workstations, diskless workstations and standalone systems, 800 MHz and 512 MiB RAM are the absolute minimum requirements. For running modern webbrowsers and LibreOffice 1024 MiB RAM is recommended.
On workstations with little RAM the spell checker might cause LibreOffice to hang if the swap space is also too small. If this happens frequently the spell checker can be disabled by system administrators.
- The minimum disk space requirements depend on the profile which is installed:
- combined main server + LTSP server: 70 GiB. As usual with disk space on a main server, "the bigger the better".
- LTSP server: 50 GiB.
- workstation or standalone: 30 GiB.
- LTSP servers need two network cards when using the default network architecture:
- eth0 is connected to the main network (10.0.0.0/8),
eth1 is used for serving LTSP clients (192.168.0.0/24 as default), but others are possible.
- Laptops are movable workstations, so they have the same requirements as workstations.
Hardware known to work
A list of tested hardware is provided at http://wiki.debian.org/DebianEdu/Hardware/ . This list is not nearly complete
http://wiki.debian.org/InstallingDebianOn is an effort to document how to install, configure and use Debian on some specific hardware, allowing potential buyers to know if that hardware is supported and existing owners to know how get the best out of that hardware.
An excellent database of hardware supported by Debian is online at http://kmuto.jp/debian/hcl/.
Requirements for network setup
When using the default network architecture, these rules apply:
- You need exactly one main server, the tjener.
- You can have hundreds of workstations on the main network.
- You can have a lot of LTSP servers on the main network; two different subnets are preconfigured (DNS, DHCP) in LDAP, more could be added.
- You can have hundreds of thin clients and/or diskless workstations on each LTSP server network.
- You can have hundreds of other machines which will have dynamic IP addresses assigned.
- For access to the Internet you need a router/gateway (see below).
A router/gateway, connected to the Internet on the external interface and running on the IP address 10.0.0.1 with netmask 255.0.0.0 on the internal interface, is needed to connect to the Internet.
The router should not run a DHCP server, it can run a DNS server, though this is not needed and will not be used.
In case you already have a router but are unable to configure it like needed (not allowed to, technical reasons), a system with two network interfaces could be turned into a gateway if the Debian Edu 'Minimal' profile is installed.
After the installation:
- Adjust the /etc/network/interfaces file.
- Change the hostname permanently to 'gateway'.
- Enable IP forwarding and NAT for the 10.0.0.0/8 network.
- As an option install a firewall and / or a traffic shaping tool.
#!/bin/sh # Turn a system with profile 'Minimal' into a gateway/firewall. # sed -i 's/auto eth0/auto eth0 eth1/' /etc/network/interfaces sed -i '/eth1/ s/dhcp/static/' /etc/network/interfaces echo 'address 10.0.0.1' >> /etc/network/interfaces echo 'netmask 255.0.0.0' >> /etc/network/interfaces hostname -b gateway hostname > /etc/hostname service networking stop service networking start sed -i 's#NAT=#NAT="10.0.0.0/8"#' /etc/default/enable-nat service enable-nat restart # You might want a firewall (shorewall or ufw) and traffic shaping. #apt update #apt install shorewall # or #apt install ufw #apt install wondershaper
If you need something for an embedded router or accesspoint we recommend using OpenWRT, though of course you can also use the original firmware. Using the original firmware is easier; using OpenWRT gives you more choices and control. Check the OpenWRT webpages for a list of supported hardware.
It is possible to use a different network setup (there is a documented procedure to do this), but if you are not forced to do this by an existing network infrastructure, we recommend against doing so and recommend you stay with the default network architecture.