Monthly Archives: February 2013

RCP100 Basic Router Configuration on Ubuntu 12.04

I do like the idea of an open-source software router, and I’ve tried several of them so far. Most open-source routers would concentrate on implementing the main IP routing protocols one by one. Administration features like CLI or SNMP seem to get less attention. There is little or no support for integrated Access Control Lists, NTP, DHCP or DNS functionality. This is in sharp contrast with the commercial routers where administration and network management are first class citizens.

RCP100 seems to break the tradition. It has a Cisco-like command line interface (CLI), and all the regular administration and management protocols. Starting with version 0.99 it also features a simple and intuitive web interface, making the router accessible to less sophisticated users and beginner administrators.

In this article I will set up a basic RCP100 IP router on an Ubuntu 12.04 computer using the web interface. This means there will be lots of pictures and no CLI commands. Networking experts will definitely get bored.

I am installing the software on a regular Ubuntu 12.04 LTS computer running LXDE. This is an older 64bit machine with two Ethernet interfaces, eth0 and eth1. The computer is connected to the main network on eth0, and it is auto-configured using DHCP. Upstream, a regular small router handles the DSL Internet connection and provides DHCP services.

The steps are as follows:

Disable existing network services

I start by disabling DHCP on the Ubuntu computer. For this, I go into Preferences/Network Connections, press Wired connection 1 and in IP v4 Settings tab I switch the connection type from Automatic (DHCP) to Manual. I set the interface IP address and DNS servers field and save them. The values I chose are actually the same values pushed previously by DHCP. For DNS servers I use the public 8.8.8.8 and 8.8.4.4 provided by Google. I also disable Automatic (DHCP) on the other interface.

[Image: network configuration]

Starting with Ubuntu version 12.04, a DNS server – dnsmasq – is installed and started by default on the computer. I disable it since it will collide with the RCP100 DNS functionality. For this I edit /etc/NetworkManager/NetworkManager.conf and comment out the dns=dnsmasq line.

#dns=dnsmasq

When all is set, I restart Network Manager:

$ sudo restart network-manager

Installing RCP100

RCP100 provides .deb packages for Ubuntu. The latest software version is 0.99.2 and it is available here. The package was built for Ubuntu 12.04 LTS and it will also work on Ubuntu 12.10. I use dpkg to install it:

$ sudo dpkg -i rcp100_0.99.2_1.deb

Restarting the computer at this point will automatically start the router. You can also start the router manually with the start rcp100 command, and stop it with stop rcp100 from a terminal.

Login

The next step is to log in to the router using the web interface. I start a web browser and point it to http://0/index.html. I type in username rcp, password rcp and I am immediately asked to change the default passwords. I am then directed to the main router page.

[Image: main page]

From here I go to the configuration page, where I configure all router features I am interested in.

[Image: config page]

DNS configuration

On the DNS configuration page I just enter the same DNS server addresses – 8.8.8.8 and 8.8.4.4 – as before, and I enable DNS proxy server services. Then, I type in the password and press the Save Configuration button. The local DNS proxy server is started immediately. Anybody on the network can use this server to speed up name resolution.

[Image: DNS config]

Interface configuration

The interface configuration page allows you to set the IP address for all interfaces. I enter 192.168.1.19/24 for eth0 and 192.168.22.1/24 for eth1.

br0 and br1 are two bridge interfaces created by RCP100. The interfaces are mainly used for connecting virtual machines to the real network. If you don’t need them, just mark them as shutdown.

[Image: interface config]

NTP configuration

The last configuration item on the menu is Network Time Protocol. I specify two external servers for synchronization and I enable the local NTP server. I intend to use this server to synchronize the time on all the other machines on the network.

[Image: NTP config]

Conclusion

RCP100 is easy to install and run on a regular Ubuntu computer. The web interface is easy to use; you can basically set up the router without any CLI knowledge. If you are a CLI fan, you can always telnet into the box and configure it using the regular CLI commands. Most of the commands are exactly like Cisco’s; the occasional differences are minor and can be resolved easily by typing “?” on the prompt line.

How to send emails from command line

SendEmail is a lightweight command line SMTP agent. It was designed to be easily integrated in bash scripts, Perl programs etc. The program is in fact a Perl script, and it is distributed under GPL.

I’ll start by installing SendEmail, and I will then show how to send the email using a regular gmail.com account or a yahoo.com account. You can send the email to this account, or you can use the account as a relay. The same procedure can be used with most of the online accounts.

Installing SendEmail is easy:

$ sudo apt-get install libio-socket-ssl-perl libnet-ssleay-perl sendemail

Sending an email using gmail.com is as follows:

$ sendemail -f username@gmail.com -t destination@domain.com \
-u "this is the subject of the message" \
-m "and this is the message" \
-s smtp.gmail.com -o tls=yes -xu username -xp password

username and password above are your gmail.com username and password. The message is encrypted using TLS. destination@domain.com is where you want the message to be sent.

Similarly for yahoo.com:

$ sendemail -f username@yahoo.com -t destination@domain.com \
-u "this is the subject of the message" \
-m "and this is the message" \
-s smtp.mail.yahoo.com -xu username -xp password

SendEmail comes with a regular man page and very extensive documentation accessible using the --help option. For example:

$ sendemail --help networking

NETWORKING DOCUMENTATION

Networking Options
Options related to networking:
-s SERVER[:PORT]
-b BINDADDR[:PORT]
-o tls=<auto|yes|no>
-o timeout=SECONDS

-s SERVER[:PORT]
This option allows you to specify the SMTP server sendEmail should
connect to to deliver your email message to. If this option is not
specified sendEmail will try to connect to localhost:25 to deliver
the message. THIS IS MOST LIKELY NOT WHAT YOU WANT, AND WILL LIKELY
FAIL unless you have a email server (commonly known as an MTA) running
on your computer!
Typically you will need to specify your company or ISP’s email server.
For example, if you use CableOne you will need to specify:
-s mail.cableone.net
If you have your own email server running on port 300 you would
probably use an option like this:
-s myserver.mydomain.com:300
If you’re a GMail user try:
-s smtp.gmail.com:587 -xu me@gmail.com -xp PASSWD

-b BINDADDR[:PORT]
This option allows you to specify the local IP address (and optional
tcp port number) for sendEmail to bind to when connecting to the remote
SMTP server. This useful for people who need to send an email from a
specific network interface or source address and are running sendEmail on
a firewall or other host with several network interfaces.

-o tls=<auto|yes|no>
This option allows you to specify if TLS (SSL for SMTP) should be enabled
or disabled. The default, auto, will use TLS automatically if your perl
installation has the IO::Socket::SSL and Net::SSLeay modules available,
and if the remote SMTP server supports TLS. To require TLS for message
delivery set this to yes. To disable TLS support set this to no. A debug
level of one or higher will reveal details about the status of TLS.

-o timeout=SECONDS
This option sets the timeout value in seconds used for all network reads,
writes, and a few other things.

$
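A wrapper for the script integration described above, as an added example that is not part of SendEmail or the original post: it takes the SMTP password from a file only if group and others have no access to it, and it always passes -o tls=yes instead of relying on the auto default. The function names, the SENDEMAIL override and the sample path are assumptions; the password still reaches sendemail through -xp, as in the commands above.

```sh
#!/bin/sh
# Added example: wrapper around the sendemail commands shown above.
# secret_file_ok, send_alert and the SENDEMAIL override are hypothetical
# names introduced here; they are not part of SendEmail.

# Succeed only if $1 is a regular file with no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;   # 600, 400: owner only
        *)   return 1 ;;   # 644, 640, ...: accessible to someone else
    esac
}

# send_alert SECRETFILE FROM TO SUBJECT BODY SERVER USER
# Reads the SMTP password from the first line of SECRETFILE and always
# passes -o tls=yes, so TLS is required rather than left on auto.
send_alert() {
    secret=$1; shift
    if ! secret_file_ok "$secret"; then
        echo "refusing $secret: must be a regular file, mode 600 or stricter" >&2
        return 2
    fi
    # Accept a last line without a trailing newline, reject an empty file.
    IFS= read -r pass < "$secret" || [ -n "$pass" ] || return 2
    # Quoting keeps subjects and bodies with spaces as single arguments.
    "${SENDEMAIL:-sendemail}" -f "$1" -t "$2" -u "$3" -m "$4" \
        -s "$5" -o tls=yes -xu "$6" -xp "$pass"
}

# Constructed usage (placeholder addresses and path):
# send_alert "$HOME/.smtp-pass" username@gmail.com destination@domain.com \
#     "backup finished" "all good" smtp.gmail.com username
```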

Ubuntu Cleanup

I’ve recently installed Ubuntu 12.04 Long Term Support (LTS). The main advantage of a LTS distribution is that once you clean it up, it stays like that for two years.

Unity

The first step is to switch your desktop to LXDE, unless you like Unity or Gnome the Third. The recommended way is to install Lubuntu; in my case I will install LXDE on top of regular Unity. If you already have regular Ubuntu installed, it would be too much trouble to start downloading and installing everything. Also keep in mind that Lubuntu is not a LTS release, and the applications installed are different, for example Google Chromium instead of Mozilla Firefox, or Gnumeric instead of LibreOffice Calc. LXDE is such a small desktop component that it might be a better idea to choose your distro based on the applications it provides and switch the default desktop environment to LXDE.

$ sudo apt-get install lxde

Logout and login again, this time in a LXDE session and start cleaning up all the processes that don’t make sense. Here are some of them:

avahi

Avahi is a zeroconf implementation and a system for multicast DNS/DNS-SD service discovery. Its job is to assign an IP address on an interface (RFC 3927) if a DHCP server is not present on the network, or if a static address was not configured. It allows you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. Right… the only reason I start my computer every day is to find files being shared on my local network!

The only way to disable avahi is to modify several configuration files in /etc directory as follows:

/etc/init/avahi-daemon.conf – add the word never below:

start on (never
	 and filesystem
	  and started dbus)
stop on stopping dbus

/etc/network/if-up.d/avahi-autoipd – add an exit 0 as soon as the script starts

#!/bin/sh
exit 0

/etc/network/if-up.d/avahi-daemon – add an exit 0 as soon as the script starts

#!/bin/sh
exit 0

Zeitgeist

Zeitgeist is a service which logs the user’s activities and events, anywhere from files opened to websites visited and conversations – it is certainly not needed on my computer. However, they say Gnome3 and Unity cannot function without it – piece of garbage if you are to ask me!

Start by disabling the access to the database:

$ chmod -rw ~/.local/share/zeitgeist/activity.sqlite

Restart zeitgeist, it should fail miserably:

$ zeitgeist-daemon --replace
[21:15:40.425853 WARNING] Could not access the database file.
Please check the permissions of file /home/user/.local/share/zeitgeist/activity.sqlite.

Purge all zeitgeist packages from the system:

$ dpkg -l |grep zeit
ii libzeitgeist-1.0-1 0.3.18-1ubuntu1 library to access Zeitgeist – shared library
ii python-zeitgeist 0.9.0-1ubuntu1 event logging framework – Python bindings
ii rhythmbox-plugin-zeitgeist 2.96-0ubuntu4.2 zeitgeist plugin for rhythmbox music player
ii zeitgeist 0.9.0-1ubuntu1 event logging framework
ii zeitgeist-core 0.9.0-1ubuntu1 event logging framework – engine
ii zeitgeist-datahub 0.8.2-1ubuntu2 event logging framework – passive logging daemon

$ sudo apt-get purge libzeitgeist-1.0-1 python-zeitgeist rhythmbox-plugin-zeitgeist zeitgeist zeitgeist-core zeitgeist-datahub

ubuntuone-syncd

Ubuntu One is a file syncing service similar to Dropbox. It takes a lot of RAM memory and generates a lot of traffic on the network. Even if you didn’t sign up for the service, the thing is still loaded and running. Get rid of it if you don’t really need it.

Do a dpkg -l | grep ubuntuone and purge all ubuntuone packages from the system.

$ sudo apt-get purge gir1.2-ubuntuoneui-3.0 libubuntuoneui-3.0-1 python-ubuntuone-client python-ubuntuone-control-panel python-ubuntuone-storageprotocol rhythmbox-ubuntuone ubuntuone-client ubuntuone-client-gnome ubuntuone-control-panel ubuntuone-couch ubuntuone-installer

Also, remove the storage in the local directory:

$ rm -fr ~/.local/share/ubuntuone ~/.config/ubuntuone ~/.cache/ubuntuone/

Like all the other processes discussed here, ubuntuone-syncd will be gone after the next reboot.

whoopsie

This is the Ubuntu error reporting daemon. It also takes a lot of RAM memory, and occasionally crashes trying to send reports to Canonical.

$ sudo apt-get purge whoopsie

cupsd

The good old UNIX printing service – if you are not using a printer, just remove it.

$ sudo apt-get purge cups

modem-manager

Probably my desktop weighs more than 20lb, not to mention the monitor, the desk and the chair. It is not a mobile station, why should I run modem-manager? If there is a remote use case for something, you can depend on Canonical to enable it by default.

$ sudo apt-get purge modemmanager

bluetoothd

Looking through my process list with ps aux I run into bluetoothd. Unfortunately I don’t have one of those wireless keyboards/mouse and I don’t really care about synchronizing portables, so off it goes:

$ sudo apt-get purge gnome-bluetooth

You also need to edit /etc/modprobe.d/blacklist.conf and add a blacklist bluetooth at the end of the file

blacklist amd76x_edac
blacklist bluetooth

colord

colord is a system daemon that manages device color profiles, whatever that is… I mean it was… Just to help you make up your mind regarding removing colord, this is what the urban dictionary has to say about “I mean”:

Meaningless American use of the English language. Often reflective of a complete lack of content in what they are saying – people of average intellect, articulation and education will simply pause and think about what they are saying. Probably due to American television with programs such as “Clueless”, “Legally Blonde” and “the OC”, which depict successful people as not requiring any form of intelligence or decent command of the English language. In real life, these people look stupid, act stupid, and everyone thinks they are stupid. Typically, they fail intelligence tests.

You’ve been warned!

$ sudo apt-get purge colord

deja-dup-monitor

Déjà Dup is a very powerful backup tool included with Ubuntu. All things powerful consume memory and lots of CPU cycles. If you are like me and never do a backup, you can lose it.

$ sudo apt-get purge deja-dup

getty

getty process runs on text-mode consoles and waits for someone to log in. It then configures the tty device and spawns a login shell. In my Ubuntu box there are 6 of them waiting for a login that will never happen – as I said earlier, I am running LXDE. I would keep however two of them, just in case…

getty is controlled by the tty*.conf files in the /etc/init directory. Keep tty1.conf and tty2.conf in /etc/init and move tty3.conf, tty4.conf, tty5.conf and tty6.conf to some safe place outside the /etc directory. In case you ever need them, you just move them back.

update-notifier

You definitely don’t need this. It will bug you daily to update your software while holding a lot of memory hostage and doing absolutely nothing. What’s next, a do-your-homework-notifier?

$ sudo apt-get purge update-notifier

You are the boss, so you do updates manually whenever you feel like it.

$ sudo apt-get update && sudo apt-get upgrade

acpid

acpid deals with such events as closing a notebook lid, removing power supplies, phone jacks etc. It doesn’t make sense to run it on a desktop.

$ sudo apt-get purge acpid

Java

This is an ongoing security nightmare, this is how you get rid of it:

$ sudo apt-get purge openjdk-\* icedtea-\* icedtea6-\*

Xapian

Another useless piece of functionality. You can find more about it here and here. The bug was opened a few years ago in Lubuntu, and it is still waiting for the “big guns” to decide what to do about it. Until they fix it, if they ever do, just

$ sudo apt-get purge apt-xapian-index
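To confirm after the reboot that the daemons removed above are really gone, the following added example (not from the original post) checks a process listing against the daemon names used in this article. The function names and the sample listing are constructed; the check also handles the kernel's 15-character truncation of process names, which would otherwise hide zeitgeist-daemon and deja-dup-monitor.

```sh
#!/bin/sh
# Added example: audit for the daemons this post removes.
# CLEANUP_DAEMONS, leftover_daemons and extra_gettys are hypothetical names.

CLEANUP_DAEMONS="avahi-daemon zeitgeist-daemon ubuntuone-syncd whoopsie cupsd
modem-manager bluetoothd colord deja-dup-monitor update-notifier acpid"

# Read process names (one per line, as printed by `ps -eo comm=`) on stdin
# and print every daemon from the list that is still running.
leftover_daemons() {
    procs=$(cat)
    for d in $CLEANUP_DAEMONS; do
        # The kernel keeps only 15 characters of a process name, so
        # zeitgeist-daemon shows up in ps as zeitgeist-daemo.
        short=$(printf '%.15s' "$d")
        if printf '%s\n' "$procs" | grep -qxF -e "$d" -e "$short"; then
            echo "$d"
        fi
    done
}

# The post keeps tty1 and tty2; print how many getty processes exceed that.
extra_gettys() {
    n=$(grep -cx 'getty' || true)
    if [ "$n" -gt 2 ]; then echo $((n - 2)); else echo 0; fi
}

# Constructed sample listing, not taken from a real machine.
SAMPLE_PS="init
getty
getty
getty
cupsd
zeitgeist-daemo
lxsession
NetworkManager"

printf '%s\n' "$SAMPLE_PS" | leftover_daemons
printf 'extra gettys: %s\n' "$(printf '%s\n' "$SAMPLE_PS" | extra_gettys)"

# Live use: ps -eo comm= | leftover_daemons
```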

Conclusion

After years of running Gentoo and Fedora, switching to Ubuntu is shocking. The desktop is cluttered with Canonical branding and marketing software, it is comparably slower, and some people say it lacks privacy. It doesn’t have to be this way, you can always remove the annoying Canonical bits starting with Unity.

On my desktop – 64bit AMD dual core – once everything was removed, free command is reporting 159MB memory in use after startup. I can probably get 15MB less if I scrap NetworkManager and just start dhclient manually from /etc/rc.local.

The surprise is that a similarly pruned Fedora 17 system was starting at 210MB, quite a lot compared to Ubuntu. I would definitely recommend Ubuntu over Fedora any time. The only problem is that you have to clean it a little, as every existing obscure open-source functionality is started by default.


ezchroot

ezchroot is a small script to chroot into OpenVZ containers. Once inside, you can update or modify the container software. The operation is similar to ezlxc.

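#!/bin/bash
# ezchroot: chroot into an OpenVZ container directory

if [ $# -lt 1 ] || [ ! -d "$1" ]; then
	echo "Usage: ezchroot directory"
	exit 1
fi
root="$1"

# give the chroot working name resolution and the kernel filesystems
cp -L /etc/resolv.conf "$root/etc/."
mount -t proc none "$root/proc"
mount --rbind /dev "$root/dev"
mount --rbind /sys "$root/sys"
# keep the unmounts below from propagating back to the host's /dev and /sys
mount --make-rslave "$root/dev"
mount --make-rslave "$root/sys"

echo "entering chroot directory"
env NAME=chroot chroot "$root" /bin/bash

# --rbind brings submounts such as /dev/pts along, so unmount recursively
umount "$root/proc"
umount -R "$root/dev"
umount -R "$root/sys"
echo "chroot exited"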