debian

Network infrastructure for a small office

We talked earlier this week about servers, and undoubtedly some more questions will come up, but let’s go ahead and talk about small-office network infrastructure.
Cable and DSL modems are affordable enough that any small office within the service area of either ought to get one. For the cost of three dialup accounts, you can have Internet service that’s fast enough to be worth having.

I’ve talked a lot about sharing a broadband connection with Freesco, and while I like Freesco, in an office environment I recommend you get an appliance such as those offered by Linksys, US Robotics, D-Link, Netgear, Siemens, and a host of other companies. There are several simple reasons for this: The devices take up less space, they run cooler, there’s no need to wait for them to boot up in case of power failure or someone accidentally unplugging it, and being solid state, theoretically they’re more reliable than a recycled Pentium-75. Plus, they’re very fast and easy to set up (we’re talking five minutes in most cases) and very cheap–under $50. When I just checked, CompUSA’s house brand router/switch was running $39. It’s hard to find a 5-port switch for much less than that. Since you’ll probably use those switch ports for something anyway, the $10-$20 extra you pay to get broadband connection sharing and a DHCP server is more than worth your time.

My boss swears that when he replaced his Linksys combo router/100-megabit switch with a much pricier Cisco combo router/10-megabit switch, the Cisco was faster, not only upstream, but also on the local network. I don’t doubt it, but you can’t buy Cisco gear at the local office supply store for $49.

For my money, I’d prefer to get a 24-port 3Com or Intel switch and plug it into a broadband sharing device but you’ll pay a lot more for commercial-grade 3Com or Intel gear. The cheap smallish switches you’ll see in the ads in the Sunday papers will work OK, but their reliability won’t be as high. Keep a spare on hand if you get the cheap stuff.

What about wireless? Wireless can save you lots of time and money by not having to run CAT5 all over the place–assuming your building isn’t already wired–and your laptop users will love having a network connection anywhere they go. But security is an issue. At the very least, change your SSID from the factory default, turn on WEP (check your manual if it isn’t obvious how to do it), and hard-code your access point(s) to only accept the MAC addresses of the cards your company owns (again, check your manual). Even that isn’t necessarily enough to keep a determined wardriver out of your network. Cisco does the best job of providing decent security, but, again, you can’t buy Cisco gear at your local Staples. Also, to make it easier on yourself, make sure your first access point and your first couple of cards are the same brand. With some work, the variety pack will usually work together. Like-branded stuff always will. When you’re doing your initial setup, you want the first few steps to go as smoothly as possible.

I’d go so far as to turn off DHCP on the wireless segment. Most wardrivers can probably figure out your network topology and gateway, and know some DNS servers. But why make life easier for them? Some won’t know how to do that, and that’ll keep them out. The sophisticated wardriver may decide it’s too much trouble and go find a friendlier network.

Why worry about wireless security? A wardriver may or may not be interested in your LAN. But that’s one concern. And while I don’t care if someone mooches some bandwidth off my LAN to go read USA Today, and I’d only be slightly annoyed if he used it to go download the newest version of Debian, I do care if someone uses my wireless network to send spam to 250,000 of his closest friends, or if he uses my wireless network to visit a bunch of child porn or warez sites.

Enough about that. Let’s talk about how to wire everything. First off, if you use a switched 100-megabit network, you can just wire everything together and not give much thought to anything. But if you’re using hubs or wireless to connect your desktops, be sure to put your servers on 100-megabit switch ports. The servers can then talk to each other at full speed if and when that’s necessary. And a switch port allows them to talk at full speed to a number of slower desktop PCs at once. The speed difference can be noticeable.

Finally–GPL antivirus for Linux

Clamav is a free (GPL) virus scanner for Linux and other Unix systems. It seems to work well. The price is right.
There are very few viruses for Linux, so few that most people don’t waste their time with virus scanning. But if the machine is acting as a server for clients that are vulnerable to viruses–cough–Windows–cough–it’s a good idea to have antivirus software on your server, just so you know your clients are safe.

Debian packages are in Sarge and Sid. Source can be downloaded and built from the link above. Once it becomes better known, it should appear in RPM distributions such as Red Hat in time.

It’s just a scanner, but if it finds an infected file, you can clean it manually with free tools you download elsewhere. Clamav will take care of alerting you, the price is right, and the platform’s right. It’s always been hard to find antivirus software for Linux of any sort, so Clamav is a welcome addition to the family.

We’ll talk a lot more about servers in the coming days.

End of the road for CD burners?

I know it wasn’t more than a couple of months ago that I read the Taiwanese manufacturers of CD burners and media were leery about going above 48X. And now Asus has released a 52X burner. There’s a very favorable review here.
So now the fastest write speeds have reached parity with the fastest read speeds, which means burning a 650-meg disc (with this drive, at least) takes two and a half minutes. Rewrite speeds are at 24X, which doesn’t sound as impressive, but is very nice.

Not everyone needs this drive. I burn CDs rarely enough that I’m perfectly happy with my 20X unit (in fact, I’ve still got a quarter-spindle of CDs that will only burn at 12X). Personally, I’m more interested in rewrite speeds than in write speeds these days, since most of the stuff I burn is stuff like Linux CDs with a shelf life measured in months. In two years I won’t give a rip about Debian 2.2 or 3.0, so it’s nice to be able to erase and reuse old discs rather than keeping them around, taking up space.

But people’s needs vary. I’m sure some people are very excited about this drive.

Since I keep drives until they either die or are too slow for me to use them and keep my sanity anymore (I have a Sony 2X unit and a Yamaha 20x10x40x unit, both in working order, which should tell you something), I’m definitely going to wait for a 52x52x52x unit. Maybe the industry will surprise us with a 56X write speed, but they’re not going to get much higher. At these speeds, the CDs are spinning at 27,500 RPM–nearly twice the speed of the very fastest hard drives on the market. I’ve read about the theoretical possibility of discs shattering at 50x+ speeds, though I’ve never actually seen that. I have seen discs crack though, which is irritating–even more so if you don’t have a backup copy.

I think this market is about to stabilize.

Dumping a list of installed packages on a Debian system

Yes, Todd, I’m posting an update from work. This’ll save me from wasting time on Google later in life.
Use the command dpkg --get-selections to generate a list of all the installed packages. If you want to replicate a system quickly (say, for disaster recovery or system deployment), redirect the package list to a file (dpkg --get-selections >packagelist). Then, as long as you have a copy of the file, you can install a minimal Debian system and turn it into a replica of the other system with nothing more than an Internet connection and a few commands:


dpkg --get-selections | sed 's/\(de\)*install$/purge/' | dpkg --set-selections
dpkg --set-selections < packagelist
dselect install

And they say Windows’ TCO is lower than Linux…
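A saved package list is replayed as root, so it is worth seeing what the replay would install and purge before running it. The script below is an added example, not part of the original post: it models the purge-then-restore procedure above on two saved outputs of dpkg --get-selections, and its function names and sample package lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview what replaying a saved selection list would change.
# Selection state (install/hold/deinstall/purge) is used as a proxy for
# "installed"; nothing here calls dpkg or modifies the system.

# selection_plan BASELINE CURRENT
#   BASELINE: saved `dpkg --get-selections` output from the source system
#   CURRENT:  `dpkg --get-selections` output from the machine being rebuilt
# Prints sorted "INSTALL pkg", "PURGE pkg" and "REMOVE pkg" lines.
selection_plan() {
    awk '
        FILENAME == ARGV[1] { if (NF == 2) want[$1] = $2; next }
        NF == 2             { have[$1] = $2 }
        END {
            for (p in want) seen[p] = 1
            for (p in have) seen[p] = 1
            for (p in seen) {
                now = (p in have) ? have[p] : ""
                # Step 1 of the procedure: install/deinstall become purge.
                final = now
                if (final == "install" || final == "deinstall") final = "purge"
                # Step 2: the saved list overrides every package it names.
                if (p in want) final = want[p]
                if (final == "install" && now != "install") print "INSTALL " p
                else if (final == "purge" && now == "install") print "PURGE " p
                else if (final == "deinstall" && now == "install") print "REMOVE " p
            }
        }
    ' "$1" "$2" | sort
}

# Demo on constructed sample data (not taken from a real system).
demo_plan() {
    dir=$(mktemp -d) || return 1
    printf '%s\t%s\n' apache install clamav install \
        installation-report install kernel-image-2.4 hold > "$dir/packagelist"
    printf '%s\t%s\n' apache install kernel-image-2.4 install \
        telnetd install exim deinstall > "$dir/current"
    selection_plan "$dir/packagelist" "$dir/current"
    rm -rf "$dir"
}

demo_plan
```

Any PURGE or INSTALL line you did not expect is a reason to inspect the saved list before trusting it.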

The Compaq DL320 and Ghost

We got another Compaq Proliant DL320 in at work. This one’s a Windows 2000 print server (grumble grumble–we’ve been playing with HP’s Linux-based print appliances and so far I really like them).

But anyway, since rebuilding a Windows server is a much bigger deal than rebuilding a Linux server (all our other DL320s run Debian Linux), we tried building a recovery image with Ghost.

Only one problem: Ghost 7.5 doesn’t see the DL320’s IDE drives. DOS sees them just fine. But Ghost 7.5 doesn’t see them, and neither did MBRWork, a freeware partition-recovery tool that’s saved my bacon a few times. There’s something odd going on here.

In desperation, I dug out an old copy of Ghost 5.1c I found on our network. It’s from mid-1999. Oddly enough, 5.1c sees the Proliant’s CMD 649-based UDMA controller just fine. The only problem is, Ghost 5.1c doesn’t handle the changes Windows 2000 made to NTFS. It’ll make the image just fine, but when I went to try to restore it, Ghost crashed.

So I pulled out an unused copy of PowerQuest Drive Image. Drive Image worked fine. Mostly. It made the image at least. One thing I noticed was that Drive Image’s compression was a whole lot less effective than Ghost’s. The other thing I noticed was that Drive Image’s partition resizing didn’t work right. I’d re-size the partitions so they’d fit on another drive I had (I wanted to test the backup to make sure it worked, but not on the live, production drive) but no matter what I did, it reported there wasn’t enough room on the drive.

“Ghost would be so much better in every way, if it worked,” I said in frustration.

“Isn’t that true of everything?” Charlie asked. I guess he didn’t think that was the most brilliant observation I ever made. Not that I did either.

We’ve got support with both Symantec and HP, so we really ought to call them and see if they have a resolution. HP talks out of both sides of its mouth; on the one hand, I found statements on its Web site that Ghost is unsupported on Proliant hardware, and on the other I found some tools that claim to help with system deployment using Ghost.

But since this DL320 is being used to drive a printer that costs about as much as any of us make in a year, and it’s being set up by a guy who’s being flown in early this week at $2,000 a day, I’m not positive that we’re going to get a good resolution to this. I suspect we’ll just end up using Drive Image and keeping an identical drive on hand in case Windows 2000 gets suicidal on us. The price of an IDE drive is pocket change on top of all this.

But when you’re running Linux and GNU tar is a legitimate option as a backup and recovery tool, I love the DL320. It’s small, fast, and cheap. It’s funny when tools allegedly written by college students as a hobby work better and more consistently than commercial tools you have to pay for.

Well, I guess I should say it’s funny when that happens and it’s someone else who has to deal with it.

News flash: Windows is cheaper than Linux!

Lots of people asked me today what I thought about the IDC study that says Windows is cheaper than Linux. I yawned.
Consider the source. Microsoft paid for the thing. You think IDC was going to come back and say Linux is cheaper all around if Microsoft was paying the bill?

Yes, sometimes it’s cheaper. If all your sysadmins know NT and don’t know Unix well, then yes, Windows is going to be cheaper.

But I can think of some times when it’s not. Like if downtime means anything to you at all. My clients scream when I have to reboot an NT server. But I can count on having to reboot a busy NT server once a year due to a lockup or general server stupidity. And virtually every security update is going to require a reboot. I can slipstream a Linux security update almost every time without a reboot–unless it’s a patch to the kernel, which is rare. With the right distribution, I can even upgrade distributions without a reboot. Try that when going from Windows NT or 2000 to something else.

I saw a story on DebianPlanet today about someone bragging he’d done a server migration in 3 hours. You’ll never do that with Windows. But you can do a migration even faster than that–copy everything over somehow to the new server, either through a tape backup or disk cloning, then adjust /etc/fstab as necessary, plop down a generic kernel straight from a distribution, configure the NIC if it’s not a close relative of the old one, and reboot. If you want to get fancy, compile a custom kernel tuned to the new server’s hardware. You can do it all in an hour. We dread the day any of our Windows servers is destroyed by some kind of accident and we can’t find an identical replacement. It’ll take us a minimum of 5 hours to install and update the OS and re-install whatever apps are on it and re-create whatever shares are on it, because that’s how long it takes us to set up a new one out of the box.

And maybe you’ve got picky clients like some of mine. One of them decided out of the blue that they didn’t like how their network shares were named. Never mind that everyone just calls it “the O drive.” Yes, they’re anal-retentive morons, but the client is always right. So one of my coworkers spent a thrilling Saturday un-sharing folders and re-sharing them with new names. On a Samba server, you can just load a text file, change some names, and restart the daemon. Done. The job that took 6 hours and was full of potential for human error is reduced to a few minutes. There’s still potential for human error, but it’s much less because the job isn’t as tedious and boring. And it’s much quicker to fix.

And don’t even get me started on tracking server licenses and CALs. Many organizations, when faced with a Microsoft audit, find it cheaper to just re-buy all of them than to spend the time tracking down the documentation that proves they’re honest. With Linux and open source, there’s no danger of having to pay for something twice, not counting the upgrades. (Those are free too, if you want them.)

Red Hat and Debian fans debate desktop Linux

Mail from longtime reader Steve Mahaffey on the state of desktop Linux. My responses interspersed within:
SM: It’s been a while since I’ve emailed you, though I still read your site almost daily and comment from time to time.

DF: I appreciate that.

SM: Other than our common faith the most important subject that I could comment on might be desktop Linux.

DF: And it’s been a while since I’ve written about either of those. Too long.

SM: In the past I’ve used Mandrake and Suse briefly, and Red Hat 7.2/3 more extensively. As a server, Red Hat 7.3, booted to runlevel 3, runs until the power goes off at my West Houston home long enough to outlast my UPS. On the other hand, as a desktop OS, Red Hat 7.3 with KDE or Ximian Gnome would crash 1-3 x per week, and Ximian Gnome would get corrupted, requiring me to delete various ./.gnome* config files or files in /tmp to fix it, which most users would not be able to fathom or guess at.

DF: The more advanced desktop environments seem to be pretty sensitive to something or other. I haven’t figured out what exactly. That’s part of the reason why I run IceWM on Debian on my desktop; it’s stable. Running Gnome apps under IceWM on Debian “Unstable” (the experimental, bleeding-edge Debian distro), I’ve been chasing a slow memory leak that eventually consumes all available physical memory and eventually leads to a crash, but it takes a month or two. More on what I think is going on in a minute.

SM: Red Hat 8.0 on my primary workstation, on the other hand, is currently at 43 days uptime. NO CRASHES, once or twice I have restarted the x-server, and once I had a problem with the gnome config files. I know that you use Debian mostly, but Red Hat, Lindows, Mandrake, Lycoris, or the like will be the ones to have a mass impact on the desktop. Seems like Lycoris or Lindows was Debian based, though.

DF: I know Lindows is based on Debian. I don’t know Lycoris’ origin. You are correct that Debian will have minimal impact on the desktop, at least in the home. Debian doesn’t give a rip about commercial success and it shows.

I saw Red Hat 8 and Mandrake 9 recently and I was impressed at how far they’ve come. I haven’t touched Red Hat since 6.2 or Mandrake since, well, 7.2 probably. They looked stable and fast. And I saw a minimal (no options picked) Mandrake 9 install the other night. It was 144 megs. I remember not long ago trying to do minimal Red Hat and Mandrake installs and they were 300 megs, at least. That’s definitely a step in the right direction.

SM: Anyway, besides much greater stability, I have enough functionality for most of my needs in programs like Open Office, gnucash, Mozilla or Galeon, Evolution or KMail, etc. Some may have other needs, only met via Windows only programs, of course. I have noticed that RH 8.0 seems on occasion to be slow, but not most of the time. The menus are a little funny … easy to add to the KDE menus, but they don’t always seem to work. With Gnome, it’s easier to add a custom panel to add a non-default application, but it does work then.

DF: Linux currently meets most of the needs I observe on the typical user’s desktop. Not necessarily power users, but for the basic users who are interested in typing simple documents like letters and memos, simple spreadsheets (and let’s face it, an awful lot of spreadsheets use very basic math, if any at all), e-mail, Web browsing, chat, and listening to music, Linux provides solutions that are as good as, if not superior to, those that run on Windows.

I also observe how many users don’t know how to add an application to Windows’ Start menu, or desktop, or that quick-launch thing on the taskbar. It may be easier on Windows, but it’s still not easy enough for most people.

Of course, this is coming from someone who keeps at least one shell window open at all times in Linux and launches apps from there because it’s faster and easier for me to type the first few letters of an app and hit tab and then enter than it is to navigate a menu. For people like me, Linux is much, much superior to Windows and always will be.

SM: RH 8.0 did recognize my nVidia card, but did NOT enable opengl 3d acceleration. I had to install the nVidia drivers from the nVidia web site to get opengl acceleration…apparently Red Hat has decided to not support that at this time. Another oddity is that I have had to turn on the cd sound to play audio CDs by using the kde mixer…can’t seem to do it with the gnome mixer, and don’t know where to hack a config file or file permissions to do this.

DF: Given Red Hat’s history with KDE, it’s ironic that some things work better in KDE than Gnome on Red Hat. Nvidia’s decision to only provide binary drivers (not source) hasn’t proven popular with a lot of Linux distributors, which probably has a lot to do with the OpenGL issues. Red Hat isn’t going to go out of its way to make nVidia look good, and might actually go out of its way to make nVidia not look as good as ATI or Matrox or other companies who are willing to provide straight source, taking the chance that users will blame nVidia rather than Red Hat or Linux. (That’s not a particularly safe bet, but it’s not out of character, given past history.)

SM: Other things… Evolution crashes a lot. I’ve given up and started using KMail (for IMAP since I use my own mail server with IMAP). Galeon is good, but it seems that I had some printing issues and I’ve been using Mozilla more. I’ll have to see how the Phoenix browser comes along…it might be the best choice. Flash and Java required a manual install.

DF: Evolution is stable for me in Debian (more stable than Outlook 2000 under Windows 2000) but I’ve heard that complaint. I have to wonder if Evolution might be picky about the libraries it’s linked to and what it’s compiled with and how? Debian is really conservative; Red Hat is much more apt to use C compilers that haven’t proven themselves just yet. It’s great that GCC 3.2 is so much faster, but if that speed is still coming at the price of stability, let’s back off, eh?

I like Galeon but I don’t print Web pages much. Phoenix is turning into a very nice browser. Lately I’ve been using Mozilla nightly builds for the spam filtering in the mail client and no other reason.

SM: All in all, maybe Red Hat 8.0 is still more a distro that is more suited for corporate environments that have IT personnel around to hand-hold, and which need only modest desktop application abilities. But, it’s coming quite close to the fabled “Aunt Minnie” friendly OS that will really give Microsoft fits.

DF: It’ll take time to get mainstream appeal but I believe it will. Linux PCs in Wal-Mart are a very good thing, because it gives exposure and feedback. The press hasn’t been too kind to the Linux PCs sold there, but if the criticisms are addressed, things will get better, faster, for all distributions. Windows was nothing but a really bad Mac wanna-be for 10 years, but it ripened because it infiltrated mass-market PCs. The press applauded Microsoft as it washed its dirty laundry in public. Linux won’t get that same treatment, but I’ll take a criticizing press over a kiss-butt press any day of the week if the goal is product maturity. Windows has been 20 years in the making, but XP still crashes too much.

And as far as Red Hat vs. Debian goes, I may have to give Red Hat another look as a desktop OS soon.

SM: Most of your comments seem to center around Linux and server applications. This is not trivial or unimportant. However, I think that the time for desktop Linux may be getting quite close, and I’d be interested in your comments if you feel so inclined.

DF: My focus has changed in the past year. Two years ago, I did desktop support, and server work in emergencies. About a year ago, I started moving into server support and only did desktop support in emergencies. It’s been a year since I’ve dealt with end users on a regular basis, so I don’t know as much what’s wanted or needed on the desktop anymore and I definitely don’t think about it nearly as much since I’m almost never confronted with it.

I think my thoughts on it are still worth something, since it’s only been a year, but that kind of experience definitely doesn’t age well.

Getting back to the desktop, the apps we need are in place. What they need most now are must-have features that Microsoft won’t supply, or won’t supply quickly. Bayesian spam filtering in Mozilla is a prime example of Open Source beating MS to the punch. A great idea showed up on Slashdot, some early implementations showed up immediately, and within a month or two, it’s in Mozilla’s alpha builds. The public at large will have a usable implementation within a couple of months. And there will be others. I suspect we’ll see lots of examples of it in digital media. I mean, whose design would you rather use, the design of someone concerned only with corporate interests, or the design of a group of users concerned with their fair-use rights and yours and mine?

SM: Anyway, maybe you’ll find my observations to be of interest.

DF: Always.

Linux network diagnostics

I was doing a little research for Gatermann about Linux networking. I didn’t find what I was looking for, but I found something interesting: a pair of tools co-written by Donald Becker called mii-tool and mii-diag.
The source code for it is available at scyld.com but Debian includes a package for it (mii-diag). It allows you to force your network card to re-negotiate its speed with your hub or switch, which is useful if it’s constantly negotiating the wrong speed. In Windows you can usually open the network control panel and force duplex operation and speed. In Linux, that requires playing around with module options, which aren’t always consistent across drivers (because they’re not all written by the same people) or, if you compiled your driver into the kernel, passing boot parameters. Either way, you’re forced to reboot.

Run mii-diag to find out the status of your card (and commentary on the situation from the authors, in some cases). You can run mii-tool -r to force a renegotiation nicely, or run with the -f parameter to force it to a certain speed (if you’re interested in forcing a speed, you’re probably chasing 100 megabit, full duplex).

If your system is mysteriously not connecting, like my Web server was yesterday after I moved it, this tool can be useful in fixing it. I wish I’d known about it yesterday. I eventually solved the problem by rebooting until it worked right. (I don’t think my server’s 3Com NIC likes my Linksys router/switch much.)

So if you want to change your network’s speed for any reason without rebooting, this is the tool to do it (and it doesn’t make you hunt the Web and Usenet for the module parameters).

Adding a network card to Linux

I said yesterday I didn’t remember exactly how to add a network card to Linux machines. I found instructions today. They weren’t entirely correct. So here are instructions (hopefully more correct–I have access to exactly one Linux box right now) for adding a NIC in Linux.
First, determine which module your NIC uses, then install it temporarily with the following:

insmod [module name]

For example:

insmod rtl8139

In RPM-based distributions (Red Hat, Mandrake, Caldera, TurboLinux, UnitedLinux), edit the file /etc/modules.conf or /etc/conf.modules to add an alias for the module. In Debian-based distributions, edit the file /etc/modutils/aliases and then run the command update-modules. In any case, the format of the line to add is the same:

alias eth0 rtl8139

More likely, you’re adding a second NIC, in which case the line would look more like this:

alias eth1 rtl8139

In RPM distros, next you create an interface config file in /etc/sysconfig/network-scripts. The file is called ifcfg-[interface]. Here are a couple of example ifcfg-eth0 files:

# Static IP
DEVICE=eth0
IPADDR=192.168.0.33
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
ONBOOT=yes

# DHCP
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

In Debian, all network configuration info is kept in /etc/network/interfaces. Here’s a sample configuration:

iface eth0 inet dhcp

iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

SuSE is likely to be a bit different. Slackware is virtually guaranteed to be different. I haven’t looked at SuSE in three years and Slackware in five. Hopefully they’re similar enough that this can give you a start.

I’m sure there’s a graphical way to do this in some, if not all distributions, but I prefer to hit the configuration files directly. It’s much easier to explain, and the knowledge is much more portable.
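When you edit these files by hand, the address, netmask and broadcast lines have to agree with each other. The script below is an added example, not from the original post: it derives the broadcast address from an address and netmask and checks an ifcfg-style file against it without sourcing the file as shell. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that BROADCAST in an ifcfg-style file matches the
# value implied by IPADDR and NETMASK. Function names are illustrative.

# ip_to_int A.B.C.D -> prints the address as an integer, fails on bad input
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        # Reject empty, non-numeric, zero-padded and over-long octets.
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# broadcast_of ADDRESS NETMASK -> prints the subnet's broadcast address
broadcast_of() {
    addr=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || return 1
    host_bits=$(( ~$mask & 4294967295 ))
    # A valid netmask is contiguous ones, so host_bits + 1 is a power of two.
    [ $(( $host_bits & ($host_bits + 1) )) -eq 0 ] || return 1
    int_to_ip $(( ($addr & $mask) | $host_bits ))
}

# ifcfg_get FILE KEY -> last value assigned to KEY, read as text (never sourced)
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tr -d "\"'" | tail -n 1
}

# check_ifcfg FILE -> 0 if consistent, 1 on mismatch, 2 on unparsable values
check_ifcfg() {
    ip=$(ifcfg_get "$1" IPADDR)
    nm=$(ifcfg_get "$1" NETMASK)
    bc=$(ifcfg_get "$1" BROADCAST)
    [ -n "$ip" ] && [ -n "$nm" ] || { echo "skip: no static address"; return 0; }
    want=$(broadcast_of "$ip" "$nm") || { echo "error: bad IPADDR or NETMASK"; return 2; }
    if [ -z "$bc" ] || [ "$bc" = "$want" ]; then
        echo "ok: broadcast $want"
        return 0
    fi
    echo "mismatch: BROADCAST=$bc, expected $want"
    return 1
}

# Demo on a constructed file whose BROADCAST is the limited broadcast
# address rather than the subnet's own.
demo_ifcfg() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' DEVICE=eth0 IPADDR=192.168.0.33 NETMASK=255.255.255.0 \
        BROADCAST=255.255.255.255 ONBOOT=yes > "$dir/ifcfg-eth0"
    check_ifcfg "$dir/ifcfg-eth0" || echo "(correct the BROADCAST line)"
    rm -rf "$dir"
}

demo_ifcfg
```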

A semi-easy firewall

A single-floppy firewall mini-distribution can be a quick and easy way to save yourself some money if you’ve got an old PC in a closet not doing anything, assuming you stumble across a combination of hardware that works right.
If you don’t stumble across a combination of hardware that works together, you can just as easily spend a weekend and accomplish nothing but uttering strings of four-letter words in combinations never before heard by mankind.

In case you came here looking for hardware that works, here are a few hints. A 10-megabit PCI NE2000 clone in combination with virtually any 10/100 PCI card ought to work fabulously. A pair of 10/100 PCI cards based on the RealTek 8139 chipset, which includes the majority of today’s inexpensive cards, probably will not. If you’re buying new stuff and want ease of use, get a 3Com card and a cheapie. If you want cheap and a little inconvenience, get a Netgear FA311 or 312 and a Realtek 8139-based card, such as a D-Link DFE-530+ or a Linksys. You’ll have to hunt down and install the natsemi.o module to get the Netgear working; most other inexpensive cards on the market will work with the rtl8139.o driver.

Freesco doesn’t supply a driver for the Intel EtherExpress Pro series out of the box. If you’ve got an EEpro, you can make it work by downloading the module and copying it to the floppy, but don’t rush out to buy one. And yes, the 3Com and Intel chipsets are high-performance chipsets, especially compared to the 8139, but remember, routers are machines that pull packets out of a 1.5-megabit pipe (if you’re lucky) and shove packets down an even smaller pipe. In this application, a $40 big-brand card doesn’t give you any advantage over a no-name card that costs $6 at Newegg.com.

While these firewalls will technically work fine even on a 386sx/16, trying to make them work with ISA cards can be a long, difficult road. Used Pentium-75s are dirt cheap (and Pentium-60s and 66s are even cheaper, when you can find them) and they’re a lot less trouble because PCI cards don’t require you to rejumper them or hunt down a plug-and-play configuration disk to find out its IRQ and address. I’ve had the best luck with Pentiums that used an Intel Triton chipset or newer (the 430FX, HX, VX, or TX). I’ve tried a couple of boards that had a SiS chipset of 1995 vintage or so, and I could get one network card or the other working, but not both. I don’t want to generalize and say that based on two isolated incidents that all Taiwanese chipsets are junk for this application–for all I know, the problem could have been the BIOS on those boards–but I’ve done this on a handful of Triton-series boards and done well on all of them, and on two SiS boards and failed. Your mileage will probably vary.

How much memory do you need? 16 megs is sheer luxury.

Once you put all this together, the question becomes whether you use a floppy distribution or a full-blown distribution. If you want peace and quiet and cheap, the answer is pretty easy–use a floppy and pull out whatever hard drive was in there.

A full-out distribution like Red Hat or Debian will give you more versatility. You can run meaningful Web and FTP servers if you want (and your ISP allows it). You can run a caching nameserver to speed up your Web browsing. If you feel adventurous, you can even install the Squid caching proxy and speed up your browsing even more (but either use a SCSI drive or put in a bunch of extra memory and run Squid’s cache out of a ramdisk–Squid’s performance on IDE is, to put it mildly, terrible).

I’m having a hard time finding the documentation on how to set up a second network interface quickly. I believe it involves the file /etc/interfaces and the files /etc/sysconfig/ifconfig.eth0 and .eth1, but I don’t have a Linux box handy to investigate at the moment.

Anyway, I like Debian for this application (of course) because I can easily fit a minimal Debian on a 100-meg hard drive.

Once you get your network cards all working and talking to each other, you can build your firewall using this online tool. I just copy it, then Telnet into my Linux box using PuTTY, fire up a text editor, and right-click in the window to paste.

If you want versatility and quiet and don’t mind spending some cash, pick up a CompactFlash-to-IDE adapter and a CompactFlash card of suitable size. Don’t create a swapfile on the CF card–you’ll quickly burn it up that way. Your system will recognize it as a small IDE drive, giving you silent and reliable solid-state storage on the cheap.