Bug#719411: tasksel: Standard out-of-the-box configuration as a router

To: ST <smntov@gmail.com>, 719411@bugs.debian.org
Subject: Bug#719411: tasksel: Standard out-of-the-box configuration as a router
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Tue, 13 Aug 2013 15:07:18 +0100
Message-id: <[🔎] 520A3D96.9090309@pyro.eu.org>
Reply-to: Steven Chamberlain <steven@pyro.eu.org>, 719411@bugs.debian.org
In-reply-to: <[🔎] 1376309957.4263.33.camel@debox>
References: <[🔎] 20130811125916.9182.15600.reportbug@debox> <[🔎] 20130811134655.GA5311@mykerinos.kheops.frmug.org> <[🔎] 1376309957.4263.33.camel@debox>

Hi,

It seems you have a couple of separate ideas maybe:
* a pre-configured system, a project more like a 'Debian Pure Blend'
* a generic 'tasksel' task of networking utils

The FreedomBox is an example of a more specialised project.  Debian Edu
also preconfigures its servers for NAT.  And there is also
https://wiki.debian.org/DebianLAN

You may want to look at the third-party project LibreWrt which sounds
like it could be optionally built from Debian sources.  (Official builds
are based on Trisquel, a Debian derivative).


FWIW for 7+ years I have used *only* Debian GNU/Linux, Debian
GNU/kFreeBSD, or other *BSDs for routers or access points at home, and
at some other deployments too.  I already know which packages I need, so
as long as the installed system has network access I can get them from a
network mirror later.

If it was viable to create a tasksel task for this, it would be
difficult to decide how many packages is enough, or too many.  Systems
used as routers are often low-powered with very limited space.  It is
desirable to provide everything possibly needed to get a network
connection, then maybe some 'Recommends' on other useful packages.  My
own ideas are:

Wireless:
* iw [not kfreebsd-amd64, kfreebsd-i386]
* wireless-tools [not kfreebsd-amd64, kfreebsd-i386]
* hostapd

Modem:
* ppp [not kfreebsd-amd64, kfreebsd-i386]
* pppoe
* pppoeconf
* usb-modeswitch

Services:
* bind9
* isc-dhcp-client
* isc-dhcp-server
* ntp
* openssh-server

IPv6:
* radvd

Diagnostic:
* dnsutils
* elinks
* inetutils-ping
* inetutils-traceroute
* mtr-tiny
* nmap
* tcpdump
* wget
* whois

Reporting:
* collectd-core
* logwatch

VPN:
* ipsec-tools
* openvpn
* strongswan

Firewall/traffic shaping:
* iptables [not kfreebsd-amd64, kfreebsd-i386]
* iproute [not kfreebsd-amd64, kfreebsd-i386]
* pf [kfreebsd-amd64, kfreebsd-i386]
* denyhosts | fail2ban (for protecting the router itself)

+ more userland tools for managing a firewall (as long as having them
installed doesn't mean they are immediately active/conflicting).
wondershaper, shorewall, ufw...

And offline documentation!

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Reply to:

Follow-Ups:
- Bug#719411: tasksel: Standard out-of-the-box configuration as a router
  - From: ST <smntov@gmail.com>

References:
- Bug#719411: tasksel: Standard out-of-the-box configuration as a router
  - From: ST <smntov@gmail.com>
- Bug#719411: tasksel: Standard out-of-the-box configuration as a router
  - From: Christian PERRIER <bubulle@debian.org>
- Bug#719411: tasksel: Standard out-of-the-box configuration as a router
  - From: ST <smntov@gmail.com>

Prev by Date: Linux kernel ABI bump in testing: from 3.9-1 to 3.10-2
Next by Date: Re: D-I build failures for kfreebsd-amd64....
Previous by thread: Bug#719411: tasksel: Standard out-of-the-box configuration as a router
Next by thread: Bug#719411: tasksel: Standard out-of-the-box configuration as a router
Index(es):
- Date
- Thread