Planning out a FOG install.
-
@Wayne-Workman
Kewl, both are great posts, thank you guys. I would personally like to avoid having dual NICs in the lab boxes. Since I would be well behind the school’s security walls and on the internal network I don’t necessarily need to turn the box into a full-fledged router with all the security bells and whistles. I think it would just need the NAT software and basic routing of all but the DHCP & PXE traffic between NIC A & B. Or if I could get a lower end router to do that too would be nice. Some cursory googling makes it look like software wise it wouldn’t be too difficult to set up the NAT program on Linux. Time to rummage in the storage closet to see what we have that might work.
-
@chimchild If you are going to do the DIY router thing on a commodity desktop computer, please take a serious look at pfSense. Save your time for more value added processes. pfSense will do exactly what you need, plus you can manage it from a web based gui. For pfSense you can boot from a usb flash drive so no hard drive or cdrom is required as long as you have 4GB of ram, on a circa 2009 or newer box.
-
@chimchild @george1421 There’s also a project called ZeroShell that I like quite a lot.
-
I’ll definitely take a look at pfSense, I’m not sure a whole distribution solution like zeroshell would be the way to go, since I would have FOG on the same box.
Right now I’m working with an i3 quadcore 64bit (Sandybridge), with 4GB of ram. It’s a micro form factor so I’ll take a look to see if I can’t bump up the ram to 8 GB.
-
@chimchild So your goal is still to use the fog server as a router?
-
@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).
-
@Wayne-Workman said in Planning out a FOG install.:
@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).
but make sure it’s one you can install dd-wrt or the like with. most consumer firmware doesn’t let you set options 66/67 as far as i know (i could be wrong, haven’t bought a new router in a long time)
-
@Junkhacker Fog can run DHCP. Most allow you to turn DHCP off.
-
@Junkhacker I can say for a specialty project (jvc camera project) I purchased this home router and loaded dd-wrt on it. http://www.amazon.com/TP-LINK-TL-WR841N-Wireless-Router-300Mbps/dp/B001FWYGJS/ref=sr_1_2?ie=UTF8&qid=1460131895&sr=8-2&keywords=tp-link+home+router
For a lab router it may be a bit under-powered. But the price was right for the specific project. I think at the time I purchased it, the cost was $20USD.
-
here’s my OpenVPNRouter project:
https://github.com/wayneworkman/OpenVPNRouter
It’s designed to take a computer with two NICs and tunnel all traffic through PIA (private internet access), and also features DNS redirection as well. It serves DHCP, NAT, and also acts as a firewall.
I haven’t worked on it in a while but it’s working. Installation is rough around the edges and I’ve not made it beautiful or polished yet.
You can adjust the bits and bobs to remove the VPN part easily.
HOWEVER,
I still recommend buying a router!
-
I would like to do it all in one box.
Right now the box will just be handling one Lab/Room, and will largely be an experiment. If it goes well we would like to set up a more central Fog server (either a VM or physical box) and start migrating our Macs and then our Windows deployments onto it.
-
@chimchild OK then (understand this configuration is not supported by the FOG Project, my musings are simply my own).
In this future setup I would do the following.
- Install linux on your selected hardware with a single nic installed.
- Copy the fog 1.2.0 stable installer to the linux box, but don’t install it just yet
- Assign an ip address for the main nic so that it is static and on the lab subnet.
- With the main network adapter connected to the lab lan, install fog 1.2.0 stable
- Once fog is setup and functional install the second network adapter on the campus network
- Assign a static ip address to this nic and make sure the gateway is set on this interface only to point to your internet router on your campus network.
- Once that is done make sure you can ping devices on your campus network from your FOG server as well as ping (or connect to) devices on the internet.
- Now to turn your linux box into a router all you need to do is turn a switch on in the linux kernel. You can do it a few different ways. The simplest way to turn it on right away is
echo 1 > /proc/sys/net/ipv4/ip_forward
that will work until your FOG server is rebooted. To make it a forever change you need to edit the /etc/sysctl.conf file and add in
net.ipv4.ip_forward = 1
then finally resync the settings with this command
sysctl -p /etc/sysctl.conf
- OK so now your fog server is a router. There are 2 things you need to do. In your ISP router (or next upstream router) create a static route that defines the LAB subnet, and make it accessible via the FOG server’s network interface on the campus network. That will tell your ISP router how to send data to your LAB network. Then on the LAB network you need to tell those devices that the default route off the LAB network is via the FOG server’s interface on the LAB network.
Once all of those steps are completed your fog server will act as a router between the lab network and the campus network as well as act as a pxe boot server for your lab network. The key is to set your FOG server primary nic on the subnet where you want the pxe booting and image deployment to happen first.
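The post above turns forwarding on in two places: the runtime switch under /proc, which is lost at reboot, and the line in /etc/sysctl.conf, which is applied at boot. As an added example (not part of the original post and not FOG Project code), the shell functions below report which of those states a box is in; the function names are hypothetical, only the one file named in the post is read (an assumption, since other sysctl configuration files may exist), and the paths are parameters so the check can be run against sample files.

```shell
#!/bin/sh
# Added example: compare the runtime IPv4 forwarding switch with the value
# that /etc/sysctl.conf will apply at boot. Function names are hypothetical.

# Print the value the kernel is using right now (contents of the proc file).
runtime_forward() {
    tr -d '[:space:]' < "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# Print the last uncommented net.ipv4.ip_forward value in a sysctl.conf-style
# file, or "unset" if there is none. A later line overrides an earlier one.
persistent_forward() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }    # lines starting with # or ; are comments
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key)
            gsub(/[[:space:]]/, "", val)
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "${1:-/etc/sysctl.conf}"
}

# Classify the box:
#   persistent   - forwarding now and after a reboot
#   runtime-only - forwarding now, gone after a reboot (the echo alone)
#   boot-only    - configured, but not applied yet (sysctl -p not run)
#   off          - not forwarding at all
forwarding_state() {
    now=$(runtime_forward "$1")
    boot=$(persistent_forward "$2")
    case "$now/$boot" in
        1/1) echo "persistent" ;;
        1/*) echo "runtime-only" ;;
        */1) echo "boot-only" ;;
        *)   echo "off" ;;
    esac
}

# On the live box, with no arguments, the real paths are used:
#   forwarding_state
```

A result of "runtime-only" or "persistent" on a machine that was never meant to route between the lab and campus networks is worth following up.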
-
@george1421 NAT? And why fog stable?
-
@Wayne-Workman said in Planning out a FOG install.:
@george1421 NAT? And why fog stable?
NAT was not requested. So if the address space is unique to the LAB why not just make it routable and not have to mess with nat. The OP can do NAT if he wants, but that setup is way beyond the scope of what I posted. (yes I know you can do it with iptables).
FOG stable, I guess I didn’t explain that one very well, and I missed a step.
FOG Stable because that doesn’t have to connect back to the fogproject site for kernel downloads. That installer should be self contained. It will have to be, because the FOG server is not acting like a router yet. But we need the fog installer to be sure to select the NIC connected to the lab network. That way the multicasting and other FOG settings will be configured correctly.
Now the part that should be step 10
10. Download and install the FOG 1.2.0 trunk version and update the stable version of fog 1.2.0 to the latest trunk. Now that routing is working correctly the FOG installer can reach the fogproject.org web site to pick up the checksums and files.
-
@george1421 In trunk, the interface stuff is corrected now, just fyi. The installer intelligently detects the correct interface and IP to use.
-
This is a very informative thread
I fully understand that the configuration and steps you lined out are from you and not FOG.
I apologize if I didn’t articulate all thoughts in my head (finals this month so there’s more hamsters than normal running the wheels)
I was looking at possibly NAT-ing at the FOG box. Have the lab on a private IP range (i.e. 192.168.x.x/24) and have the Fog box NAT/Route those IPs to a single weber.edu address. Over the next month or so (after finals) I plan to have a sit down with our network group too. Hopefully they will be fine with a NAT situation or assign the room a specific ip-range/vlan. I expect that they definitely want to keep the clustering traffic off the school’s network.
It’s great having multiple config options available.
-
@Wayne-Workman said in Planning out a FOG install.:
@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).
I don’t really have a budget; I’m sure if I have sufficient justification I can get reasonable purchases authorized. Personally I enjoy the challenges of re-purposing & “recycleware”. So far all hardware (except the new boxes for the lab computers) is stuff I’ve pulled from our storage closets, or the campus warehouse store.
And this has been a nice refresher & educational Linux project for me, that I believe will translate well into real-world post-graduation interviews in the next couple years.
-
OK. Overall I plan to stay within “stable” releases. One of my goals once it’s set up is to be able to remotely manage it so it will be headless, and leave behind sufficient documentation for future administration after I’ve graduated next year.
-
@Wayne-Workman Thanks for sharing that. I think that will be very helpful to me on my project
-
@chimchild Just remember, my project is GPLv3, so to use any of it, your project must be GPLv3 as well.