Progress on T1s and Public Wireless

AT&T and CenturyTel have installed the data circuits for the new T1s at each branch, this is what will carry the connection between a branch library and the Internet. Merit will be in contact with us soon to schedule times to finish the installation.

Last Friday, I finally got all the needed feedback from each librarian for the time and print management solution. Some branches will stick with the manual solution that is currently in use, some will have time management only, will others will have the full package. This week, more research will be undertaken on at least two more vendors, then I will ask for a quote. The equipment needed to deploy public wifi at our other branches was ordered too. Each branch will have a Buffalo WHR-HP-G54 wireless router (re-flashed with either DD-WRT or OpenWRT) and two Buffalo external antennas needed for two of our locations.

The routers are Buffalo Technology's latest model and have greater range than the Linksys unit deployed at East Tawas. This should insure coverage within a library. The external antennas are going to be used at two of our libraries so that the routers can be placed in a secure location.

Content Fitering/Caching/WifiDog Server on Xubuntu

As of yesterday, the server is now running Xubuntu 7.0.4 Feisty Fawn, with Shorewall and more current builds of major software installed and running.

After configuring Shorewall, which handles firewall configuration on startup, I must say that it's pretty easy. On Mandriva 2006, I used a simple iptables script which configure the firewall; and it worked very well. Unfortunately, I couldn't use the script in Xubuntu (it's a different Distribution of Linux), requiring Shorewall, which is what delayed transitioning to Xubuntu because the server must have a firewall; otherwise, less-ethical individuals could use it as an anonymous proxy server or spam relay.

Truth be told, there's nothing magic or complicated about securing a server. A firewall simply determines what traffic is allowed in and out. Shorewall is a program that configures iptables (which actually handles firewall duty) by reading from various configuration files. Each file handles a different aspect of how the firewall is configured; which gives you greater flexibility.

For our purposes, the firewall simply allows anyone to access the web server (for WifiDog) and SSH, while only allowing computers in our district access to content filtering (preventing it from becoming a spam relay).

There's still a lot of work left to do. SSL encryption and mail (sending validation e-mails) need to be configured, Also, the data from the existing WifiDog server needs to be transferred to the new server. However, the most critical software is up and running.

T1s Are On The Way

As of yesterday, we are on the USF Commitment List. That means not only are we going to upgrade our Internet Connections but we will be receiving a sizable discount for them. The District Director will be contacting our ISP tomorrow, and we hope to have things rolling pretty quickly.

We will also be fully deploying Public Wireless access to all our other branches as each connection is upgraded.