NethServer 8: planning an evolution

Why do you think that this means you can’t use FirewallD with iptables if you need to? You can switch the setting back to iptables if you wanted to. As for shorewall, it’s in Fedora EPEL for CentOS/RHEL 8.

Why is SCL so important here over Application Streams?

Of course you can, but I’m not sure the switch will be worth the effort.

Because we have multiple versions of the same software running on the same machine.

I disagree. In the current world of virtualization, I’d prefer to have all services on the same platform. Not necessarily on the same instance.
This could mean to have a NethServer Gateway server doing routing, VLANs, firewall and IDS. Have a NethServer accountprovider doing Samba4AD accounting and have a NethServer for filesharing, printsharing, and many more other services. Even split up those services over several instances. This can be done on different physical servers or on a single server or cluster running a type 1 virtualization layer like Proxmox.
So please keep the Gateway functionality so we can keep a complete set of services with NethServer.

2 Likes

Ball is not into Nethserver development, but in finding a shorewall replacement.
Nethesis forked IPCop several years ago, and now is using the same CentOS base plus some other tools to deliver gateway and server features, sometimes integrated in a single installation, sometimes as separate.
Some of the “application features” on the gateway are quite smart, but considered unsafe from security junkies of other projects (which are lacking of multi wan feature… still not wishing to deliver that).
Nevertheless… Gateway features seem less interesting for the project which is much more server oriented (mind the name) than gateway. Also, a lot of “less smart” features are delivered by “inexpensive” boxes, instead of a power-greedy computer, which are quite hard to compete with in performance to price ratio, for SMBs.

So… if a shorewall replacement won’t appear, maybe nethesis will consider to fork the third project after IPCop and SMEserver.

1 Like

I just switched off my home NethServer mainly because of the energy consumption (roughly 55Wh, old Core 2 Duo) and tried to replace it with a Raspberry Pi running Raspbian… and Docker.

I have now seven containers running smoothly that were a breeze to configure: much, much easier than what I was used to when trying to install them directly on my NS server. Node-Red, Homebridge, Grafana, InfluxDB, qbittorrent, Plex… All those apps were deployed within minutes and without the hassle of handling dependencies, rights, conflicts, obscure configurations, …

I miss NS, but it baffled me how those docker containers were efficient and easy to deploy.

I’m not an expert of anything, just a wannabe sysadmin, but I believe NS 8 should take the pill and go for a containerised way of distributing modules, whether home made or coming from the outside. I may miss something (actually that’s pretty sure), but I don’t want to miss the occasion to tell you about my own experience and needs.

1 Like

@pagaille, you realize NethServer has the option to run containers too using portainer? Sure, the base is heavier on resources. If you are looking for a rpi grade of appliance, you can’t expect to run the current NS install with all bells and whistles very smoothly. If the rpi is all you need, then NS isn’t your solution. For every job there is a tool to use for. Don’t try to add a nail in a board with a sledgehammer.
Also, don’t try to drill a 50mm wide hole in a 30cm thick reinforced concrete floor using a dremel.
Maybe you are right to start using containers more often. It would be kind of nice to have a ‘containerstore’ in servermanager, although portainer probably can access docker store.
1 step further would be having Kubernetes or another orchestrator available.

1 Like

Well… sincerely I won’t use NethServer for containers. It’s not its purpose. End of the OT.

1 Like

IMO that is not off topic. This topic is a discussion on what we want or need from a Server distribution that aims at SOHO, Small and Medium Enterprises, and (yes I am biased) schools.
And we need as much input from as many people as possible.
So please elaborate. I can imagine containers are used 1 layer up, or on the same layer as NethServer, when using proxmox, and let proxmox manage the containers. Or on even larger scale where a tool like K8s or docker-swarm kick in.
We might have a reasonably clear view on where NethServer at this moment fits in for which use cases, but we also can’t close our eyes to the immensely fast developments.
I think the discussion should be about where NethServer fits in the (near) future. Is that still an ‘on-premises server’ that can deal with most services? Are (part of) the services moving to datacenters (hate to call it ‘cloud’)?
I don’t see companies leave their offices any time soon, although remote work is taking a huge leap now due to Covid-19. And until there are still people working in a certain location, there will be a need for services close by, preferably as close as in the same building to avoid lag and bandwidth problems.
In rural regions, where a stable internet connection is not guaranteed or even obvious, a server that can provide all services without depending on a fast and stable internet connection is a huge plus.
IMO NethServer has a role in exactly that scenario.
So, please shoot and add your opinions. Let us discuss this (IMO) very important topic about the future of this project.

5 Likes

I joined this community as it appeared that nethserver fits best, when I was evaluating which distribution would fit best to replace our old systems in our small company, and I am very happy with my choice.

What I would love to see in the main repo is some integration of a webconference solution for more than 4 concurrent participants, be it a stable package for jitsi-meet or a high performance backend powered talk app inside Nextcloud.

2 Likes

@Elleni you call, we deliver… well, almost. We are VERY busy getting Matrix-synapse with several bridges available on NethServer. Currently Element is already available and we are busy getting Jitsi-meet bridged with Matrix-synapse.
I am currently installing a complete conferencing set on a NethServer VPS so we can use it for our annual community meeting during Fosdem, first weekend of February 2021. The event is taking place online this year due to Covid. More to follow on this in a separate topic.

But please stay on topic in this thread. It is important we chime in all and just say what we think is best for NethServer or for our own needs, what is more or less the same because NethServer is not helped when people abandon the project because it doesn’t fit their needs anymore.

6 Likes

Hi Rob,

Very interesting. That should be great for giving a course on NS, shouldn’t it?

Michel-André

I’ll try: I simply won’t use a spoon to open a can.
If a hypervisor is needed, I will use it. If a container approach is needed, I will use it.
Currently, NethServer is neither of those. And I think it is quite useless and out of focus to put the whole stack of containers or hypervisor above NethServer, only to have “only one server”.

A module for managing KVM virtualization above NethServer was proposed, but AFAIK it is not available any more, even if KVM is already available as support on CentOS.

NethServer can do a lot of things, currently “one man band” installation for a office or a small company, but the real “core” of nethserver is the template management.

All the functionalities are coming from well known packages of linux (postfix, samba, dovecot, sieve, squid, dhcpd, dnsmasq, shorewall), free version of projects/products (nTOP, NextCloud, Mattermost) and a stack of tools for using other products (FreePBX for accessing and managing asterisk).
Don’t get me wrong, it’s a hell of a job to keep the pieces together, but when a piece falls (shorewall), unless a new and… sufficiently easy piece to integrate is considered, the feature will fall, especially if there are no updates or support from the customers.

Customers want solutions; well, containers or hypervisor on top of NethServer IMVHO is calling for problems, not solutions.
NethServer 8 will substitute modules with containers? As already stated before, some modules are perfect for becoming containers (webtop, unifi management, MatterMost, even Asterisk), some others not.
And also: who’s willing to have a server without IPv6 management and support, as next generation?

No. “CentOS is already supporting it” is not an answer, CentOS supports IPv6 at least since 6.x (don’t know even if 5.x had it). I mean… IPv6 was available in Windows XP, buddies. The demonified and use like a scarecrow from most of sensed users of this community.

4 Likes

Thank you @pike for your insights. This is very valuable information that we should weigh in in how the project is going on.
I agree with you that having NethServer as KVM host is not a logical one. However, I am not convinced that it couldn’t be a host for containers. If you consider that containers are to offer services, not OS’s (VM’s). Isn’t this the current usecase for NethServer? Offering services in an easy to manage interface? The services will still be coming from well known packages of linux like you mentioned.
Many members of our community (including me) went for a virtualization layer under a NethServer install. Because it eases the admin tasks even more by the availability of taking snapshots and easily spinning up a fresh instance of NethServer by using a template.
Using containers for services instead of installing them directly on NethServer isn’t that the next step in easing up the sysadmin tasks?
I don’t want to persuade you to go along with this way of thinking. I am not sure if I am completely happy with this way of thinking myself, but we are still brainstorming and getting our options.
I’d love to hear more and different ideas and options.

3 Likes

I do want to come back to this point by @giacomo in the opening post. I don’t understand why this is said, because there is a shorewall package in epel. Did I miss something substantial?
https://centos.pkgs.org/8/epel-x86_64/shorewall-5.2.2-4.el8.noarch.rpm.html

Personally, I’m not a big fan of the Docker way of doing things, though part of that may be my ignorance of how to use it to my advantage (this is a fight^W discussion I’ve gotten into a number of times on the FreeNAS forums too, FWIW). But it isn’t clear to me that it would necessarily result in a major change to the way Neth works from an end-user (or perhaps end-admin) perspective.

From my perspective as an admin, what makes Neth attractive is that it provides a number of useful LAN and WAN services, it provides a reasonably secure configuration out of the box, and it’s easy to administer. And it uses the e-smith template system for configuration, meaning migration from my SME server was pretty much painless. I wasn’t especially concerned about what technology was being used under the hood.

I’d expect that a largely Docker-based system could work pretty similarly from the perspective of the normal admin–there would still be a server manager GUI, it would still run a configuration database, and the relevant application configuration settings would be driven from that database. Right? I’d expect this to make a lot of work for the devs (which may be a good enough reason not to go this direction), but it seems like it could be relatively transparent from a user/admin perspective.

What would be important, I think, is that the Neth system be more than just RancherOS/Portainer/some other GUI Docker manager–there are lots of those out there. The relatively-unified server manager (old school, Cockpit, or something else) is essential, IMO.

2 Likes

@robb

Hi Robb

I’d fully agree with this, but I’d also like to note:

At the moment, I can increase the services on NethServer as much as I like, besides the AD component, which needs an IP for itself, there’s NO need for any other IPs or complexity.

Using Containers, I may have to use 20, 30 or even 50 different IPs and Networks, to get the same effect as before. Supporting this won’t be easy! I consider myself Network agnostic, after working with so many networks, it’s not a real issue for me. However, I do like correct & complete documentation, and this is where the work increases!

Besides which, I can just imagine a mail server using 10 or more IPs… (Dovecot, SMTP, Webmail, Database for Webmail, add in NextCloud / SoGo / WebTop including their needed Databases…)
The BIG headache may be getting correct DKIM / SPF / etc working for mail - with so many IPs!

My 2 cents
Andy

3 Likes

It probably would be good to clarify what kind of containers we’re talking about–LXC, Docker, something else? I don’t think a system using LXC containers (at least, if they behave as they do under Proxmox wrt networking) would make a very good replacement for Neth.

@danb35

I mean Containers = Docker (at least here), else I’ll use LXC…

:slight_smile:
Andy

In that case, doesn’t Docker ordinarily create its own network? You then need to deal with exposing/forwarding ports for the containers, but you aren’t eating up IPs on your green network.

Docker does create its own network - somewhat uncoordinated…

And that’s where problems can crop up. Not for a private home user (rarely), but in SME and larger environments, using 10.x.x.x or 172.x.x.x networks…

I had one experience which took two days to solve…
A Docker Container picked the IP of the default gateway (And dhcp server). After starting up, no network… :frowning:

No infos before, an unusual network for a home (172.30.31.0/24)… And yet it screwed up classically!

My 2 cents
Andy
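
The address collision described in the post above can be checked for before Docker is started on a site. The following is an added example, not part of the thread or of NethServer: it compares a site's subnets with the pools Docker draws bridge networks from and builds a `default-address-pools` fragment for `daemon.json` that avoids them. The pool list is assumed to match Docker's built-in defaults, and the candidate bases are constructed values.

```python
import ipaddress

# Assumed to be Docker's built-in local address pools, used when daemon.json
# sets no "default-address-pools": (base, prefix length of each network cut from it).
DEFAULT_POOLS = [
    ("172.17.0.0/16", 16), ("172.18.0.0/16", 16), ("172.19.0.0/16", 16),
    ("172.20.0.0/14", 16), ("172.24.0.0/14", 16), ("172.28.0.0/14", 16),
    ("192.168.0.0/16", 20),
]


def pool_conflicts(lan_cidrs, pools=DEFAULT_POOLS):
    """List (lan, pool_base, subnet) for each subnet Docker could hand to a
    bridge network that overlaps one of the site's own networks."""
    hits = []
    for cidr in lan_cidrs:
        lan = ipaddress.ip_network(cidr, strict=False)
        for base, size in pools:
            base_net = ipaddress.ip_network(base)
            if not lan.overlaps(base_net):
                continue
            for sub in base_net.subnets(new_prefix=size):
                if sub.overlaps(lan):
                    hits.append((str(lan), base, str(sub)))
    return hits


def safe_pool(lan_cidrs, candidates=("10.200.0.0/16", "10.201.0.0/16"), size=24):
    """Build a daemon.json fragment from the first candidate base (constructed
    values) that overlaps none of the site's networks; None if all collide."""
    lans = [ipaddress.ip_network(c, strict=False) for c in lan_cidrs]
    for base in candidates:
        if not any(ipaddress.ip_network(base).overlaps(lan) for lan in lans):
            return {"default-address-pools": [{"base": base, "size": size}]}
    return None


if __name__ == "__main__":
    site = ["172.30.31.0/24"]  # the LAN from the post above
    for lan, base, sub in pool_conflicts(site):
        print(f"{lan} overlaps {sub} (from default pool {base})")
    print(safe_pool(site))
```

Pass every routed subnet of the site (LAN, VPN, remote offices), not only the one the host is attached to, since a route that is absent when Docker creates a network cannot be avoided by it.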