Tuesday Mar 13th 2007 by Carla Schroder

Looking for big network services in a small package? Zeroshell, a specialized Linux distribution, is well-suited for embedded devices and small form-factor computers. It can also run on a PC hard drive or from a bootable CD for easy testing.

Hand-rolling your own Linux-based network servers, routers and wireless access points is easier than ever largely because of the proliferation of tiny, specialized Linux distributions like Zeroshell.

Zeroshell weighs in at just over 100 megabytes, making it perfect for embedded devices like PC Engines WRAP boards, Soekris boards, Mini-ITX, and other small form-factor computers. It also installs to a hard drive on ordinary PC hardware, or it can be run from a bootable CD for easy testing. Even production systems can run from the CD; you just need another device for data and log storage.

Suppose you have a nice little PC Engines WRAP board. Get yourself a 512MB Compact Flash card, and you'll have 400MB available for data storage, which should be way more than you need, especially if you have a separate syslog server. It is good practice to store logfiles on a separate device: you get better security and performance, and fewer writes to your CF card.

What can this little Linux do? Pretty much everything a network administrator needs. First off, it's very nice to administer, through either its sophisticated Web interface or a serial console. From here, you can run a RADIUS server, use Kerberos authentication, build a stout iptables firewall, or set up a secure virtual private network (VPN) endpoint or server.

Zeroshell shines at setting up a RADIUS authentication server. The most painful part of using RADIUS for wireless WPA2-Enterprise (using EAP-TLS and PEAP) authentication is creating a certificate authority, and client and server certificates. Zeroshell removes the pain with its easy-to-use Web interface.

Zeroshell also includes a captive wireless portal with Kerberos authentication. Future releases will include accounting and time-tracking. This captive portal has some nice options, such as allowing both "free" users who don't require authentication and users who do. It can also use external Kerberos realms for authentication, such as an Active Directory server, so it works for both public hotspots and private networks.

Zeroshell has many excellent features, including multizone DNS, and static and dynamic routing. See the Zeroshell site and mailing lists for more good information.

