[DDH]

Well when Arkay suggested (thank you) that Arch Linux was a good place to look for a Linux distro, I thought, why not, I can only learn something!

So I've just today declared the new, and first of more to come, Arch box done. It is running:

• Under ESXi 4.1
  
• Squid proxy (transparent)
  
• SquidGuard (which took me down the make path and code mods to handle the right db version amongst other things)
  
• Shallalist black list
  
• dhcp4
  
• a gob load of other utilities to make it fun and work

Some of the good parts have been:

• Working through the multiple interfaces
  
• Dealing with modifying route tables
  
• Getting the box very secure and redirecting traffic via iptables
  
• Getting that squidGuard to work with mods and compile

No real bad parts because I wasn't in a rush and had the home "production" network running the entire time. The old insecure and poorly configured Ubuntu squid proxy box was running as I configured this box up over a few weeks of spare time here and there. Its all part of my grand plan to actually do the home network properly.

So, what can I say, when in doubt, build something new and learn things!

I've always been a Unix / Linux fringe dweller, but what can I say, you go back to all that great raw networking and core computing stuff when you want to play under the hood. :D

Next project - a new ESXi server with direct IO (Vt-d) so that I can "see" my tuners (MCE 24/7 recording unit) and RAID controller (2008 R2 machine) through the virtualisation layer.

[arkay]

Hehe. Cool. Glad you're having fun with it :)

I still haven't gotten around to doing the whole home network security. I settled on quickly setting up squid with dansguardian on the kids machine but if they ever learn how to change the proxy settings in firefox I'm screwed :) It does for now though and I can always add some iptable rules later to stop them dodging the proxy. I can see it being a game of cat and mouse in a few years time :)


How did you find the first foray into Arch?

Cheers,

Arkay.

[logifuse]

ESXi is extremely impressive. And the free license is good enough for most home needs (not in my case though - my customer's server is dual 12 core Opterons :o ).

It's certainly much nicer than the XenServer (although functionally pretty similar).

I've used an HP build where you install ESXi on an SD card (or USB drive) & only the logging goes to the storage pool.

We're running an SBS 2011 (using 8 cores & 10GB of the RAM), a couple of W7 Pros (single core with 1GB of RAM) used for running specific apps, & plans are afoot for a 2008R2 server (to move BESx to from a physical server). That will still leave cores galore, but I might need to bump up the RAM for anything else. Thinking about trying to transfer a VMWare Workstation based Snow Leopard to it for Mac based testing too.

I was a bit down on virtualization 18 months ago, but I'm starting to see the plus'.

Justin

[DDH]

arkay, on 24 July 2011 - 07:41 PM, said:

How did you find the first foray into Arch?

In short - slimmer and faster.

Its just no nonense core Linux where you then add what you want. I'm still struggling with how small the footprint is. You notice the load speed slow a tiny bit as you add various packages, but still lightning fast. On my piddly little ESX trial box with 8Gb RAM I can run a Win7, Win 2008 R2 and Arch Linux super fast. For example I can reboot the proxy without my "customers" loosing connection! Of course that only applies if you get the new settings correct :o

The wiki and on-line help is more to my liking. The community is great and there is less BS than in the Ubuntu area. Easier to find answers, tutorials that make sense and work. Clearly a lot of people who like their Linux hanging around as opposed to the masses.

I will certainly be building more Arch boxes. Once I get the real ESX server in play there will be an Arch / Myth box just for fun. The beuty of having them on ESX is that I can shutdown the Win7 MCE and assign its tuner card with direct IO to the Myth box and vice versa. So PCI and PCIe cards moved between machines without openning a case!

I'm also looking out for an SSL VPN solution that will allow me clientless access then RDP on Linux, so maybe another box there too. I may be asking a bit too much of the GNU domain, but haven't looked to hard yet for SSL VPN. I just can't afford a Cisco or Juniper solution like I use commercially. :o

Overall very glad I asked you the question and headed in this direction. I feel far more back in touch with Linux! :thumbsup:

[arkay]

Excellent.

I don't think you're asking too much of GNU at all. I'd be very surprised if you can't find something along the lines of an SSL VPN. Anything server related should be simple to find, easy to set up and 100% rock solid reliable.

Don't just use Arch for a server though, it makes a damn fine desktop as well if you wanna have a play with non server things too :)

Everything is just so clear and concise, no mess, dead simple. The way it's meant to be.

Cheers,

Arkay.