Further adventures in Firewall upgrades

DCT Jared Smith jared at dctkc.com
Mon Apr 8 16:11:22 CDT 2002


<rant>
Actually, "further frustrations to follow" is going to frustrate
me, if you post it. Go ahead and post, but can I recommend
that we conserve bandwidth dedicated to complaining, and
use it to make things better? All you're doing is boasting about
how cool you are for remembering the days when Linux could
fit on a floppy disk. Well I'm bored, because this is no way to make
Linux better. I'm not a kernel hacker so I can't do much about
the problems you're pointing out, but I can wish you'd write
about solutions instead of problems. Grump grump grump. I'm
sick and tired of people who are sick and tired. I'm personally
disgusted by the willingness of even oldtime Linux advocates to
turn and rend their own, as if Linux has 'sold out' when only they
actually have. Remember when you used to see these same
problems, and put the 90+ hours into learning how .conf files
worked, and never complain a minute because you were learning?
Well all you're saying below is that you've grown weary of
learning.  For heaven's sake, I walk uphill both ways in the
snow, too. If we've got work to do in Linux, it's fdisking this
whole layer of people who think they're gurus, when all they
do is sit around and grump. Grump. Grump. True gurus enjoy
what they do.

This is the downside of building an OS which is Anti-Microsoft.

What a lame foundation to justify an OS. If you hate Microsoft,
as nearly every Linux user I've ever met does, then all you do
is turn and rend your own project as soon as Microsoft is beaten,
because you have no way to slow the momentum of criticizing,
criticizing, criticizing. When, oh, when, will Linux advocates
advocate by our strengths, rather than by M$ weaknesses?

In other words, "are you getting paid by M$ to spam the LUG
list with complaints about Linux?" Now I know you're not, but,
jeez, you might as well be.

</rant>

-Jared

> Discouraged by all the various services and reconfiguration I would have to
> add to the Mandrake SNF system, I yanked it out, swapped the new 56x CD into
> the old firewall system, downloaded, burned, and upgraded RedHat 7.2.
>
> Now I remember why I hadn't just upgraded before.
>
> The initial upgrade took about four hours.  This included some unattended
> time at an error prompt, some time spent figuring out how to get out of the
> error loop, and correcting the error.  Much of the time can be attributed to
> the time it takes for a 133MHz processor with 32M of RAM to deal with the
> RPM Database.  That sucker needs serious work, but will probably be shuffled
> under given advances in processor speed and RAM size.
>
> Nonetheless, the RPM Database isn't the only victim here - we have serious
> code bloat happening in Linux.  It could be argued that at this point, the
> bloat between the various versions ~6 and the current ~7 - ~8 versions is
> even worse than the bloat between Windows 95 and Windows XP.  People are
> including the kitchen sink, linking to everything under the sun, and adding
> features without thought.
>
> Clearly, a lot of the development on Linux has moved from the "spare"
> obsolete machines of impoverished students to the hot-rod hobbyist machines
> of professional coders with cushy jobs or backing.  Programs that should be
> runnable on a minimal, text-based system are being developed on
> multiprocessor RAM hogs with dual-head graphic displays.  A program that can
> and does fit in under 100Kb links to the entire X11 system, even though it's
> command line based.
>
> The initial install error in the RH 6.2 - 7.2 upgrade was that the
> auto-selected packages for upgrade exceeded available space by 42Mb.  I
> carefully weeded out useless things like JPG processors from the list, then
> discovered that some 400+Mb was accounted for by the Kernel Source.  Well, I
> had hoped to compile a custom kernel, but maybe now's not the time to try.
>
> Having gotten past that hurdle, the next one was when the machine rebooted
> after the upgrade.  Which brings up another point - isn't one of the big
> complaints about Microsoft that you have to reboot to upgrade?  This upgrade
> required two reboots, one to launch the upgrade, and one to implement it.
> That, and several to recover from it.
>
> Once the system was back up, I checked for the essential functions,
> connectivity to the Internet, NAT forwarding of internal traffic, DNS.
> First strike: DNS did not recover.  Although a script is provided with the
> (8.2?) version of BIND that's supposed to translate your old config files to
> the new style, it ignored a simple sequence error ("type" must be the first
> entry in a zone definition, some other parameter was there), and no DNS.
> That fixed, DNS came back up, but with about six sessions instead of the
> configured single session for my very small network.  That remains to be
> corrected.
>
> Next, the pass-through.  No deal.  netstat -M reports "no support for IP
> masquerading on this system".  Although the IP MASQ HOWTO says that the new
> kernel 2.4.x IPTABLEs system is reverse-compatible with the old IPCHAINS
> commands, the fact remains that the system isn't running it.  A little
> digging reveals that iptables, as such, isn't installed.  Even once that's
> been corrected, we still get no forwarding.
>
> Work was suspended until Sunday evening due to other major commitments.  A
> bit of further reading in the IP MASQ HOWTO, following it as if setting up
> for the first time, and using the recommended script structure, and we have
> IP MASQ working.
>
> ESR's fetchmail program, which we had been unable to upgrade due to linking
> to new libraries that required an upgrade almost this complete, is finally
> accomplished.  I look forward to implementing his spam filters at long last,
> and hope to cut down on some spurious logging errors.
>
> A brief test seemed to indicate that I would be able to connect to the
> system using SSH from work, and the project was put to bed as a partial
> success.  Further frustrations to follow.