Simplest Linux distro?

RocketPants

Hello

Is there a distro that is very VERY simple to use for setting up a firewall/NAT/file server between my LAN and the internet?

Because I have spent countless hours panicking over dozens of distributions of Ubuntu and Debian now. isc-dhcp-server only works half the time, mostly because Network Manager interferes with the old way of setting up NICs, and in 15.10 they introduced some renaming scheme that broke me.

Samba flat out refuses to cooperate with ufw, which is an opaque mystery. "It's easy" they say. "Just run 'ufw enable XYZ'" - and then it turns out that the definitions for XYZ did not install along with ufw, thus forcing you to more or less do what you did with iptables, only even more contrived and with more errors in the walkthroughs. It is funny how all the advice sites just keep cut-and-paste quoting each other, errors and all!

If I get all those to work, DNS dies. GUI tools install, do something useless, mess up the config and leave me with unknown changes and newly introduced errors.

Once I learn one way of doing something, a year passes and the next major release throws out all that and enters something radically different, but leaves the carcass of the old one smeared across the file system, happily confusing me, coexisting with the new and thus cross-covering each others' work, making a mess.

I don't have time for this, I just want basic stuff to function. You know - like they do each time I replace my Linux attempt with Windows again, in disgust, after a few weeks of rage.

I am not an IT guy, I just dork around with PCs as a hobby. That said, I have been around for a long time and remember compiling kernels back in 1998 (I cut my teeth on Mandrake. That never worked well either). About once per year I do a serious attempt at learning and getting a few Linux installations up and running, and most of the time it craps on me sooner or later.

Linux has never worked well for me, mostly because it changes all the time, moving around config files to new places while still keeping the old, introducing cascades of new and randomly chosen folder places to store vital components, et cetera.

So this tirade boils down to this: is there a Linux distro (or any *NIX, really) that behaves in a consistent manner and where I can with confidence get the expected output from the normal input? Where stuff has not changed for a long time and supposedly will not?

BSD? Slackware? Are the Red Hats the same clusterfucks as the Debians these days? Is there a haven of consistency and reliability in this playground?

I am willing to get down as close to the metal as it gets without having to learn how to program C (I have a day job). I would run Android on an ARM if that was the solution.

I am grateful for any advice in this issue. Thanks.
 

Hi-Fi Man

If you want to try BSD there is PC-BSD which is a nice easy to use FreeBSD distro. I haven't used it a whole lot in comparison to Ubuntu but it may provide what you seek.

http://www.pcbsd.org/
 

Essence_of_War

It sounds like you're trying to use desktop distros, and short-term releases (rather than long-term supports) at that, as a NAT and that might cause problems. Have you tried using ubuntu-server LTS, for example? It's incredibly easy to install, has several common pre-configured variants, and it doesn't have a GUI network manager (or any GUI at all!) that could interfere with CLI tools like dhcpd.

If you want just a straightforward NAT/router/firewall only, the canonical recommendation is pfsense, which is FreeBSD based. OpenWRT and DD-WRT are Linux based distributions, but they are really aimed at commercial router hardware (ARM, MIPS), but they should support x86 just fine.

> BSD? Slackware? Are the Red Hats the same clusterfucks as the Debians these days? Is there a haven of consistency and reliability in this playground?

I understand that you're frustrated, but the idea of Debian-stable being a "clusterfuck" is sort of absurd. This indicates to me that something else is going on other than the OS getting in your way. Like maybe you're playing with unstable/testing/release-candidate software by mistake? Or maybe you're not reading up-to-date documentation.
 

RocketPants

I willingly admit incompetence, and I apologize if I insulted anyone with that comment. I just get irate about the state of things.

See, when I encounter a problem and google it I usually get dozens of hits where it is obvious that the writer did not validate his advice but just speaks from memory, which after repeated and frustrated failures by myself and others turns out to be flawed.

Recommendations to use tools that are not installed by default and/or manipulate obsolete config files. Things like "do a 'service X restart'" on systemd releases. Underscores where there should be periods, quote marks missing. Omissions of vital things like "ping the server" during firewall testing which fails because ICMP is still disallowed. Did he ever follow his own advice?

HOWTOs that forget to mention that the config file you should edit has been moved from /etc to /etc/something/ - even though the old one still remains at the old place driving you mad when your changes do not have an effect.

That the settings you entered into a file will be overwritten by the process later. If you are lucky, this will be noted in the config file. Except when it is not true and just written there because some process copies that text into the actual config file that will be overwritten.

That changes do not persist after a reboot, requiring you to apt-get install iptables-persistent because it is apparently logical to supply iptables by default but not make them stick - and expect people to rewrite them manually every reboot? I do not follow that logical train of thought.

GNOME shared folders that are defined entirely differently than Samba shared files. I still haven't figured out how that works; it fast became a recursive fdisk hell when I tried to mount an external hard drive with a Truecrypt partition and offer it on the network through Samba.

Some basic things require meticulous and manual tweaking. Others work without any interaction, leaving me in a confused state of cognitive dissonance. Like using tethered internet through the cellphone. Two years ago it was impossible to share it over the local eth0 because the NICs would be defined separately - one through Network Manager, the other in /etc/network/interfaces, and for some reason they would not play. Today it just works without me doing anything, and that scares me even more because I have no control over the opaque things going on.

As I said, I'm incompetent and there may be brilliant intelligence dug into this subject that I am oblivious to because I suffer from the Dunning-Kruger effect. Also, I realize that I can neither expect nor demand anything from a free beer, those that made the software and wrote the docs owe me nothing.

Though it seems to me that the systems began simple, elegant and well-thought-through after some 30 years of UNIX experience (I fondly recall HP-UX from the school labs).

But the more contributors do their own thing the more the chaos emerges. This is probably the natural state of things, but it is immensely frustrating for my clumsy layman attempts at approaching Linux.

That rant aside, thank you for your input! I do indeed use desktop distros because I was under the impression that server distros were the same minus the desktop environments. I figured that getting a bunch of LibreOffice and GIMP installed on top would make no difference.

But I hear you. I shall look at ubuntu-server and pfsense right away! :)

I like canonical recommendations, the less I stray into the land of the weird the better.
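
The post above names three failure modes on an iptables gateway: the ping test failing because ICMP is still dropped, rules that vanish on reboot, and configuration that silently differs from what is running. As an added example (not part of the original post), this script checks an `iptables-save` dump for them; the interface names `eth0` (WAN) and `eth1` (LAN) and the sample ruleset are constructed, and `/etc/iptables/rules.v4` is the file iptables-persistent loads at boot.

```shell
#!/usr/bin/env bash
# Constructed sample in iptables-save format; eth0 = WAN, eth1 = LAN (assumed names).
sample_rules() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [12:816]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [4:240]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_rules FILE: print space-separated findings, or "ok" when none apply.
audit_rules() {
  local f=$1 out=""
  # A NAT gateway needs a source-NAT rule on the way out.
  grep -Eq -- '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' "$f" || out="$out no-nat"
  # A default-accept FORWARD chain routes anything in both directions.
  grep -q -- '^:FORWARD ACCEPT' "$f" && out="$out forward-policy-accept"
  # Without this, replies from the internet never reach LAN clients.
  grep -Eq -- '^-A FORWARD .*ESTABLISHED.* -j ACCEPT' "$f" || out="$out no-return-traffic"
  # With INPUT policy DROP, "ping the server" fails unless ICMP is accepted explicitly.
  if grep -q -- '^:INPUT DROP' "$f" && ! grep -Eq -- '^-A INPUT .*-p icmp.* -j ACCEPT' "$f"; then
    out="$out ping-blocked"
  fi
  echo "${out:- ok}" | sed 's/^ //'
}

# normalize FILE: drop comments and packet/byte counters so two dumps compare cleanly.
normalize() { grep -v '^#' "$1" | sed -E 's/ \[[0-9]+:[0-9]+\]$//'; }

# rules_persisted LIVE SAVED: exit 0 if the running rules match what loads at boot.
rules_persisted() { [ "$(normalize "$1")" = "$(normalize "$2")" ]; }

# Real use (as root): iptables-save > /tmp/live.rules
#                     audit_rules /tmp/live.rules
#                     rules_persisted /tmp/live.rules /etc/iptables/rules.v4
```

On the constructed sample `audit_rules` reports `ping-blocked`: NAT and Samba access from the LAN are in place, but a ping to the gateway would be dropped.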
 

Essence_of_War

> That rant aside, thank you for your input! I do indeed use desktop distros because I was under the impression that server distros were the same minus the desktop environments. I figured that getting a bunch of LibreOffice and GIMP installed on top would make no difference.

They ARE built out of the same components, but there are some significant philosophical differences that feed into which components and tools are configured and run by default, and while you may be correct that the GIMP application shouldn't be messing with your dhcp, no one ever installs GIMP on its own, they usually install GIMP as part of a full desktop environment that includes other goodies.

For example, you mentioned iptables; the design philosophy of iptables is "keep unwanted traffic out", while NetworkManager is "keep me connected to the internet". Those are somewhat crossed purposes, and if I was running a server, I'd really like some tool like iptables, and if I was using a laptop, I'd really like a tool like NetworkManager, but I don't know that I'd necessarily want to be actively using both of them at the same time. Since NetworkManager is part of Gnome-desktop, not pulling in a desktop environment to my server means I don't have to worry about any potential conflicts from that.
 

Red Squirrel

For firewall/router there is pfsense. It's very nice and intuitive and you don't really have to use the command line. Even the setup is fairly straightforward. It's also very reliable. I've had mine hit over a year of uptime, and the only reason it's not longer is that as part of troubleshooting any connectivity issues I would reboot it but it was usually when my ISP was really out so it did not even have to be rebooted.

I would not share the file server on the same machine as the firewall, just for security reasons. For the file server pretty much any distro would do, I personally like CentOS, but Debian is a good choice too if you can get used to the differences such as where configs are stored etc. It's all a preference thing really.

I like to stick to one distro throughout my network though just for consistency, then once in a while I decide I want something newer, so I'll play around with different distros then any new system I set up I use it.
 

RocketPants

Thank you both for commenting.

I'm most curious about pfsense, I'll put it on my experimentation box first.

It was long since I tried BSD, but I remember it as quite stringent and true to its *NIX roots, which is the way I like it.
 

Scarpozzi

I'm not a fan of Ubuntu for server type stuff. Ubuntu variants are my preferred desktop these days, but I suggest sticking to RedHat-esque Operating Systems.

I'm a huge fan of CentOS. It's what I would use for that...if you need more documentation, you'll find it. Just be aware that 6.5 is going to be iptables and Cent 7+ uses firewalld. If you're just learning, go ahead and do what's new. If you have iptables experience and need to get it off the ground, go Cent 6.5.

I think Cent 6.5 should be good on full updates through 2017 if I remember and maintenance until 2020...so you can run it for a solid 4+ years before offloading its service to CentOS 7 or 8 whenever it releases.
 

RocketPants

I wouldn't say that I am learning, per se - since I am kind of dumb.

It is rather the case that I do stuff and when it doesn't work I try to fix it and then venture down the path of high blood pressure.

Such is my Linux experience back since the mid-90's. I occasionally think "Would not Linux be a better choice for this task?" and install it, spend a week working out errors, then give up. Like a tourist traveling somewhere spectacular only to be bedridden with diarrhea the whole time.

I thoroughly despise iptables, and I am willing to take up anything that will work as advertised both now and the next time I return to the box, be that years later. I shall consider this CentOS. Last time I touched Red Hat was back when Mandrake was the improved edition.

Also, I should mention that Windows is not free from idiocy either, although my success rate is usually higher. Right now I can't get the network type to hold between boots on one box, causing the firewall to block LAN access. It is apparently not uncommon for ASUS-based mobo NICs. >_<

Thank you for your time and wisdom!
 

Joepublic2

I run pfSense, based on FreeBSD, at home and it's very reliable (only time I have to reboot is to install OS updates) and very good about not introducing breakage in new versions. BSD is the king of OSes as far as networking goes IMO. It also has a much more structured/conservative development model. The only sticking point is poor support for wireless hardware, but you can solve that pretty easily by putting a cheap wireless router (I'm using a cheap n router that I got for free with my cable modem) into AP mode and plugging it into w/e you're using as a wired switch.

My setup is basically cable modem in bridge mode <-> pfSense box <-> 8 port unmanaged gigabit switch <-> wired devices with the wireless AP with a good (read >= 30 char, WPA2) passphrase and long/random SSID plugged into one of the switch ports. For security reasons you really shouldn't use the same device you're using as a NAT/router/firewall as a file server. It should really be on something on the LAN side of the NATing device. My desktop is always on anyway so I just use it as the file/print server (not great either but OK IMO if you're not worried about LAN side security threats).

I control the pfSense box completely over the network with the built in web interface.
 