I prefer using a virtualizer that offers USB support to do the install. I have used a real PC with data on it while fatigued, entered in the wrong partition, and ended up with a really bad week of restores. Virtualization allows you to only load to the USB drive and keeps your PC protected from accidents. I like to use the virtual machine with no hard drive, which makes the install simpler especially when the USB flash drive is connected before install. You can't mix up partitions or boot areas with only one drive in the virtual machine.
There are many sites about making bootable USB pen drives with Ubuntu Linux and most of these sites have the user put the ISO on the thumb drive instead of actually installing a Linux distribution onto the USB flash drive. I like to actually place the whole operating system on a USB flash drive so I always have the full operating system available. Many sites will tell you the ISO install is best but I disagree. Flash drives are much cheaper today and you can split an 8 GB drive into a Linux and a VFAT partition. I prefer using a virtualizer that offers USB support to do the install. I have used a real PC with data on it while fatigued, entered in the wrong partition, and ended up with a really bad week of restores. Virtualization allows you to only load to the USB drive and keeps your PC protected from accidents. I like to use the virtual machine with no hard drive, which makes the install simpler especially when the USB flash drive is connected before install. You can't mix up partitions or boot areas with only one drive in the virtual machine. Begin your install by selecting keyboard type and entering your host name along with other information until you reach the partition screen. The flash drive used here already had two 8 GB VFAT partitions and I erased the second one and use it for Linux. I usually select the Ubuntu alternate CD and manual partitioning but if you have only one USB drive in your VM, then you can use auto install and the whole flash drive if you won’t need the VFAT for sneaker net with other computers. It is a good time to note the path of your USB thumb drive if you have multiple drives in your system. It is /dev/sda in the virtual machine and typically /dev/sdh on my physical desktop. You might need that for the bootloader install later if you are doing this on a physical machine with multiple disk drives. Ensure the partition type is primary and bootable then select your filesystem type. I have used ext4 and ext2 succesfully. You may wish to read the benchmarks and to determine your filesystem choice then work on performance later. Note that I create the system with no swap space since the computers I would boot from typically have 2 GB of ram which tends to be enough for my needs. Also, I use a USB disk drive with 200 ms write speeds but I have found paging to slow the system down. I used to turn off browser caching and the syslog service in the past but I find newer systems perform fine with these on. Commit your changes, create the filsystem, and begin the user creation process. I like to encrypt my home directory with the built in ecrypt filesystem which leaves me feeling comfortable should I lose the USB key disk. The next step is the one that can be a nuisance should you use a physical PC. If you have only one disk, the Ubuntu installer will place the boot loader on the master boot record of the disk. If you have multiple drives, then select manual and enter the drive name on that page. On my desktop, the drive usually appears as /dev/sdh so I use that for physical installs. You must be careful not to override a bootloader on a machine you are using just for installing to a USB disk drive. You can see in the picture with the drive booted that I am using a Patriot XT flash drive on /dev/sda running Ubuntu 11.10 Oneirc Ocelot. Related articles I mentioned on my blog that I have switched to DD-WRT on my Linksys e3000 router mainly because I was frustrated with Cisco's software requiring a Mac or PC in order to make some feature changes. I got locked out of the desktop software once I setup security to my preferences. So here are my firewall rules built with the help of Firewall Builder. We'll start by looking at the NAT rules. Rule 0 allows all networks to NAT out to the Internet. Rule 1 is disabled but allows access to the DMZ. The DMZ is off during the summer to keep the DMZ server from running up the electric bill. Rule 2 is a lazy rule that enables me to print to my networked laser printer while I work from home logged into the work VPN. I say this is lazy due to having used a much better design in the past. In the past, I had Apache with SSL reverse proxying to CUPS. I used an HTTPS URL with Windows XP to print remotely. This protected data in transit across the internet. The current setup will be disabled anyway for printing seems to have been killed off by the dual monitor setup. The printing rule is restricted to the VPN Internet exit IP address. We'll now look at the firewall rules. Rule 0 adds all internal networks to the Anti-Spoofing Rule. Rule 1 enables loopback network communication on the router. Rule 2 is sloppy but lets DHCP work on the internal network. You can see this done better in Firewall Builder's templates. Rule 3 gives the guest network access to essential services on the gateway. FTP is provided so guests can take advantage of the USB Drive attached to the Linksys e3000. Rule 4 ensure all trusted networks can access everything needed on the home gateway. Rule 5 lets ping and traceroute work. Rule 6 lets the router communicate to everything on the network. Rules 8 through 10 enable the VPN to be accessed from the outside and HTTP for rule 9 which is disabled at this time. Rule 11 allows printing while on a work VPN. The work VPN disables all local access when the VPN is activated leaves me unable to reach my network printers. Rule 12 stops all traffic not otherwise allowed to the firewall box. Rule 13 enables the guest network access to the outside world only. Note the guest network can not access the other networks. Rules 14,15, and 16 allow the trusted networks to communicate everywhere. Rule 17 will drop everything else not previously allowed in my home firewall. Here are the raw iptables rules script as created by Firewall Builder for DD-WRT. |
Journal
This is the place for notes and updates. Archives
March 2013
Categories
All
|