February 22, 2012 at 4:49 pm #43288 aSteve Member
I was pointed at Zeroshell when I asked about packages for Ubuntu that support fail-over from an Ethernet-attached ADSL net-connection to a 3G mobile broadband dongle.
It seems Zeroshell supports exactly the sort of fail-over I’d like my Ubuntu server to support. As a distribution for a dedicated router, Zeroshell looks superb – but I’d really like to avoid introducing another host just to support fail-over on my small-scale home LAN.
By any chance is the package that supports fail-over for Zeroshell open source and a viable port to Ubuntu?
February 22, 2012 at 6:36 pm #52213 atheling Member
There are no headers on the files listing licensing and I don’t recall seeing information on that either in the distribution or on the web site. This is one more thing that Fulvio will need to decide upon before Zeroshell becomes a “real” project. Another is how he will manage contributions from others…
The fail over mechanism in Zeroshell is managed by shell scripts that could, I guess, be ported to other Linux distributions. The problem is that ZeroShell stores its network configuration as lots of little files. So getting things like the IP addresses to ping to check for connectivity would most likely have to be altered to suit your setup.
All in all, you might be better off using the scripts in Zeroshell as an example and then writing your own.
And it is not just porting the script based fail over daemon. At least to do things “right” you’d want a bunch of the code that sets up the routing and filtering tables too. And that gets into things that deal with traffic classification, etc. which may be a bigger scope than you are looking for.
Over the years I have migrated from having one server do everything (sounds like what you are looking at) to having low power reliable boxes dedicated to individual tasks. For me having Zeroshell, or something like it, on a dedicated router box feels safer than having the routing and “enterprise” firewall on the same box as my mail, web, or VoIP servers. Maintenance is easier and I can upgrade or swap out functional components rather than having to deal with changing everything if a single function requires upgrade.
February 22, 2012 at 9:10 pm #52214 aSteve Member
Yes, I do see where you’re coming from – looking to use an external router would give me more confidence from a security perspective, I guess – as well as simplifying things from a physical network topology perspective. The down-side for me is that I don’t have a spare (low-power) PC and to acquire one just for this purpose does seem excessive. I guess, if there were a very minimal router that I could flash with zeroshell – that might prove a compromise from a hardware perspective.
I realise that I could roll-my-own using shell – and cribbing techniques from existing systems would probably be sensible – but I had hoped to short-circuit all that by just installing a daemon that monitored eth0 – and if it failed for more than 30 seconds – bring up my 3G modem – and alter the routing table; send an alert email… and monitor eth0 for its recovery. I think I’d be happy to trust IPTables as the firewall – especially if the 3G modem would only be used infrequently during ADSL outages. What I’d hoped to find was a polished package that would take care of all the details, the ones I’ve not bothered to consider fully, in a sensible way. So far, I’m drawing a blank – and it looks like I’ll either be writing a Python one – or hacking my own shell scripts.
Thanks for your reply… and – yes – perhaps I would be better off thinking about running zeroshell on a very minimalist device… Out of interest – what would you suggest? Is the most minimal device I can use something like an ITX PC – or can I go smaller/cheaper without accepting unreliability?
February 22, 2012 at 9:44 pm #52215 atheling Member
An ITX PC should work fine. The ones I looked at don’t have enough network ports to make a great router but it sounds like you only really need two ethernet ports and something to plug your 3G modem into.
I am using a couple of Soekris Net5501 boxes, one for ZeroShell and one for AstLinux.
In both cases I am using Compact Flash (CF) cards for the “mass storage” device.
The fit for the Soekris Net5501 is actually a bit better for the AstLinux as that distribution is much better about minimizing writes to disk so the CF cards don’t get worn out. ZS insists on logging lots of stuff to disk which means I accept having to replace the CF card as a regular item. So far I’ve had to do that once in three years.
Current versions of AstLinux have firewall and routing capability in addition to telephony. And there is an Asterisk package available for ZeroShell. So in theory I could eliminate one of the two boxes, but so far I see no reason to. ZS is easy to manage as a firewall and router while the older version of AstLinux I have is hard to manage as a firewall and router but easy (for Asterisk) to manage as a phone system.
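The fail-over behaviour aSteve describes earlier in the thread (watch eth0, switch to the 3G link once it has failed for 30 seconds, send an alert, then watch eth0 for recovery), written as a small decision loop. This is an added example, not code from Zeroshell or from either poster; the `ppp0` interface name, the 30-second recovery hold, the action names and the sample probe timeline are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

FAIL_AFTER = 30     # seconds of continuous failure before switching (from the post)
RECOVER_AFTER = 30  # assumed: seconds of continuous success before switching back

@dataclass
class Failover:
    primary: str = "eth0"
    backup: str = "ppp0"           # assumed name for the 3G modem link
    active: str = "eth0"
    since: Optional[float] = None  # start of the streak that contradicts `active`

    def observe(self, now, primary_ok):
        """Feed one probe of the primary link; return the actions to carry out.

        The probe must be bound to the primary interface (e.g. ping -I eth0),
        otherwise it succeeds over the backup link and recovery is misjudged.
        """
        on_primary = self.active == self.primary
        if primary_ok == on_primary:   # probe agrees with current state
            self.since = None          # any partial streak is a flap: reset it
            return []
        if self.since is None:
            self.since = now
        hold = FAIL_AFTER if on_primary else RECOVER_AFTER
        if now - self.since < hold:
            return []                  # not sustained long enough yet
        self.since = None
        if on_primary:
            self.active = self.backup
            return [("link_up", self.backup), ("default_route", self.backup),
                    ("alert", "failover to " + self.backup)]
        self.active = self.primary
        return [("default_route", self.primary), ("link_down", self.backup),
                ("alert", "restored to " + self.primary)]

def run(timeline):
    """Replay (time, primary_ok) probes and collect (time, action) pairs."""
    fo, log = Failover(), []
    for now, ok in timeline:
        log.extend((now, action) for action in fo.observe(now, ok))
    return log

# Constructed timeline, one probe every 10 s: a flap, an outage, a false recovery.
SAMPLE = [(0, True), (10, False), (20, True), (30, False), (40, False),
          (50, False), (60, False), (70, False), (80, True), (90, True),
          (100, False), (110, True), (120, True), (130, True), (140, True)]
```

The route change comes before the backup link is torn down on recovery, so the host never sits without a default route; the firewall rules for the backup interface need to be in place before the first switch, not added afterwards.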