Bug#719411: tasksel: Standard out-of-the-box configuration as a router
> It seems you have a couple of separate ideas maybe:
> * a pre-configured system, a project more like a 'Debian Pure Blend'
> * a generic 'tasksel' task of networking utils
Actually I would like to see it both - the set of required utils and
their proper configuration that creates a Router/AP in tasksel within
regular Debian distro and not as a specialized blend. The reason for
this: unlocked, generic hardware became powerful/cheap enough to run
even Gnome (check this - http://utilite-computer.com/web/utilite-models
). So there is no more reason to hack the weak routers in order dump
OpenWrt, risking to brick them, if you can get a real desktop. The idea
is to make it easy for a regular mainstream user to enable this feature
on such hardware (which will bring him real added value) and in the same
time get him acquainted with Debian.
> The FreedomBox is an example of a more specialised project. Debian Edu
> also preconfigures its servers for NAT. And there is also
> https://wiki.debian.org/DebianLAN
>
> You may want to look at the third-party project LibreWrt which sounds
> like it could be optionally built from Debian sources. (Official builds
> are based on Trisquel, a Debian derivative).
>
>
> FWIW for 7+ years I have used *only* Debian GNU/Linux, Debian
> GNU/kFreeBSD, or other *BSDs for routers or access points at home, and
> at some other deployments too. I already know which packages I need, so
> as long as the installed system has network access I can get them from a
> network mirror later.
>
> If it was viable to create a tasksel task for this, it would be
> difficult to decide how many packages is enough, or too many. Systems
> used as routers are often low-powered with very limited space.
No longer... This feature should be oriented on user (who will buy
powerful hardware) and not on router manufacturers (who try to be
minimalistic in order to keep costs low). Optionally you can have second
package - "router-config-minimal".
> It is
> desirable to provide everything possibly needed to get a network
> connection,
yes, and the non-free firmware should also optionally be provided for
the autodetection process.
> then maybe some 'Recommends' on other useful packages. My
> own ideas are:
>
> Wireless:
> * iw [not kfreebsd-amd64, kfreebsd-i386]
> * wireless-tools [not kfreebsd-amd64, kfreebsd-i386]
> * hostapd
>
> Modem:
> * ppp [not kfreebsd-amd64, kfreebsd-i386]
> * pppoe
> * pppoeconf
> * usb-modeswitch
>
> Services:
> * bind9
> * isc-dhcp-client
> * isc-dhcp-server
> * ntp
> * openssh-server
>
> IPv6:
> * radvd
>
> Diagnostic:
> * dnsutils
> * elinks
> * inetutils-ping
> * inetutils-traceroute
> * mtr-tiny
> * nmap
> * tcpdump
> * wget
> * whois
>
> Reporting:
> * collectd-core
> * logwatch
>
> VPN:
> * ipsec-tools
> * openvpn
> * strongswan
>
> Firewall/traffic shaping:
> * iptables [not kfreebsd-amd64, kfreebsd-i386]
> * iproute [not kfreebsd-amd64, kfreebsd-i386]
> * pf [kfreebsd-amd64, kfreebsd-i386]
> * denyhosts | fail2ban (for protecting the router itself)
>
> + more userland tools for managing a firewall (as long as having them
> installed doesn't mean they are immediately active/conflicting).
> wondershaper, shorewall, ufw...
Could you pack your configurations for all this in a separate package,
and we are done basically?
Reply to: