Wednesday, November 5, 2008

This Is Not An Easy Job

My job title is "Computer Teacher" at a small private school. And before you decide that "private" means that we have money to spare, you could not be further from the truth. My technology budget for everything except Internet access is $1800. That's HALF of the same line item from last year. It is a number which had not changed in over 10 years until it got slashed last year. Forget about getting NEW technology, I am restricted to only replacing broken equipment and begging for money left and right. We also have to constantly look for open source solutions whenever possible, which means that I need to find more time for the research and installation and hope it doesn't break on me.

But that is not why I am venting right now. I am frustrated because I am, by default, THE I.T. guy for the school, a responsibility that is NOT in my job description. I have learned a great deal in the last 8 years in this position but there are things I simply cannot do -- issues which, in the past, I have been able to outsource. This year, things are very tight and I have to do more myself, despite my lack of knowledge in these areas. What I really want to do is focus on my teaching. Instead I have to fix, replace, troubleshoot, etc. When I can squeeze it in, I have to file paperwork for federal discounts on phone and internet services from the E-RATE program or collect/ship cartridges for the recycling fundraiser we run. Forget moving forward, I am simply racing to keep our ground-losing to a minimum.

Don't get me wrong. These things greatly help our program but they are also a huge distraction from my REAL job of teaching. It's a pain sometimes and I get tired of sacrificing my time and energy for things that don't help me to be a better teacher. So far, I am doing a fair job of not letting my teaching suffer due to these distractions, but I could be a more inspired teacher if I were able to focus more on the duties listed in my job description.

Some day....


Thursday, September 25, 2008

IPCop Clean Install

OK, so I screwed up. After some comments left on this blog by "Anonymous" discouraged me from running IPCop over VMWare on a Win2003 Server for a "live" environment, I decided to do a clean install of IPCop running native. So far, everything is going fine. I installed the URLFilter addon and set up Snort (intrusion detection) and have begun testing the new box in preparation for going "live". All went smoothly once I decided to switch the 320 GB HD out for an 80 GB one to avoid any 48-bit issues with drives over 136 GB. Besides, I don't need THAT much space. The only glitch is that I accidentally ran the install using IPCop 1.4.2 instead of 1.4.20, which are different animals. I suppose I could have downloaded the 1.4.20 ISO and done another install but, since I am a newbie with IPCop, I decided to run the approximately 18 patches in succession to get it up to 1.4.21. Once I figured out the system (and that I didn't have to expand the .tar files before uploading), everything went fine and I was able to see the changes as IPCop had grown since 2005. It was a bit tedious but a good learning experience. Thanks again, Anonymous!

Wednesday, September 17, 2008

IPCop Deputized

After much research and time, we have decided to try out the IPCop firewall with URL Filter for the school's needs. Our VERY limited budget made the decision even more difficult. So, we are currently testing it as a VMWare appliance on a Windows 2003 box. For the time being, we are directing 2 computers' traffic through it to test the waters. While IPCop is running in transparent mode, our LAN currently uses a Surfcontrol plugin on an ISA server, and forcing the transparency to happen would require removing the MS Firewall client from all machines. A friend of mine will be scripting this so that all the workstations will automatically run the uninstall.

One issue I am having is that I sometimes have to ping the IPCop box from the workstation in order to get internet access. For the testing phase, I am simply using IPCop as the gateway, but Linux seems to have an issue recognizing other nodes on the network unless they are pinged. I haven't been able to find out much about this by Googling it. I guess I'm not using the correct keywords. If anyone has any information on this, I would very much appreciate hearing about it. I suppose I could write a boot script but my guess is that there is an easier way. Anyone?? Does the fact that it is a VMWare appliance affect things? Thanks!!

Add your comments below.

Thursday, May 29, 2008

Comcast Boost Realized



I've been hearing about Comcast business customers getting a speed boost but I hadn't seen that happening on our connection. Today, I received a letter from Comcast indicating that our connection speed, previously 8Mb/1Mb, had been doubled for both downstream and upstream speeds. The letter also indicated that I might need to do a hard reset on the cable modem to see the new speeds. So, I reset the modem and, sure enough, we are getting faster speeds than we were previously set up for, though I have never seen us near the cap from a workstation on our network (but who's complaining). Nice! Great for a school on an ever DECREASING budget.

I had also heard about a Power Boost feature to give you a quick boost on your first 100 MB (or something like that). The letter I received did not go into specifics but did refer to such a feature.

We will be upgrading our servers soon. More posts to come on that. Stay tuned!

Tuesday, May 13, 2008

Dell Laptop NIC issue -- Odd Mystery Solved

A friend brought me a Dell laptop yesterday. I don't recall the model number but it was approximately 2 years old. She said she couldn't get it on to our network using the Internal NIC card. I told her to bring it to me and I'd take a look at it. I promptly plugged in a Cat-5 but the Internal NIC remained disabled. What gives? This was truly a mystery. I checked all the DHCP settings and such. Nothing seemed out of the ordinary, yet I simply could not enable the NIC.

After about 20 minutes, the battery was beginning to run down so I plugged in the AC adapter for charging and decided I'd return to it a short time later. When I resumed my troubleshooting, I connected the laptop via a wi-fi access point to my network and noticed that the internal NIC card was now connected as well. I wasn't going to question why it was suddenly working so I unplugged the laptop (so it was now running on batteries) and walked it down to my friend, whose office is on our school campus. I plugged it back into the wired network and, once again, the NIC was disabled. I started digging through ALL the settings I could find. It turns out there was a separate control panel for the internal NIC. When I explored it, I discovered an obscure checkbox. It was for an option to disable the Internal NIC when the laptop was running on batteries. What? I couldn't believe it! This was clearly a new one for me (though that's not hard to do). I unchecked this box and exited the control panel. The NIC was immediately activated and I was good again.

I have been brainstorming on the purpose of such an option since that time. The only scenario that I see is that Dell is assuming that if you are running on batteries, then you aren't near an AC outlet or within reach of an Ethernet port. Dell should not make such an assumption. I know many people who are near Ethernet ports but choose to work on batteries until they need to plug into the AC outlet. While I agree that doing this regularly would, over time, deplete the total charge available from the battery and that this option COULD be useful in saving battery life, it should NOT be the default. It's not obvious to most users that running off the battery would disable their NIC. Dell should either make this checkbox MUCH more obvious to the user or not make it the default option.

Your thoughts?  Feel free to leave comments.

Blogged with the Flock Browser

Friday, May 9, 2008

Firewalls and Schools

I've been researching firewall/proxy software or a Linux-based system for a small school serving 300 students. It's been a bit frustrating that there seems to be very little information on this topic relating to schools. Since schools are required by CIPA/COPA/ERATE to put these safeguards in place, you would think that there would be more information on this topic.

I searched eschoolnews.com, which is constantly pushing their Resource Center, but the most recent article on the topic was from 1999. (Maybe when I get some more knowledge in this area, my blog can be a useful resource for someone facing similar issues.)

We will be replacing our current Windows 2000 Server (ISA 2004 firewall with SurfControl plugin for web content filtering) with a Linux box. So here is my question...

Will the firewall/proxy on Red Hat Linux (for example) with DansGuardian be an adequate replacement for the current server or is there something more robust we need to consider?

If anyone has an answer to this, please respond in the comments. Thanks!

Wednesday, May 7, 2008

Network Communications issues

During the last few days, I have experienced daily network communications failures on our only Windows 2000 Server (firewall/proxy/content filtering/file-print sharing). This resulted in access to the internet and all other network communications being halted across campus. I was able to determine that it was not a proxy issue because bypassing the proxy did not get me out to the Internet. Not knowing exactly what the cause was, I found that I could bring the services back online if I restarted our server. What a pain! I have had to do this 4 out of the last 5 days first thing in the morning.

The last failure was at about 4PM Monday.  The event log showed the following two errors:
  1. DHCP service - The JET database returned the following Error: -1808
  2. DHCP service - Error when backing up the database
First, the 1808 error.  I googled for Error 1808 and discovered that this is a DHCP error indicating that there is a lack of space on the volume.  I checked my system and discovered that the 3.5 GB system partition had only about 50 MB.  So I removed some unnecessary programs and opened this up to nearly 100 MB.  Since my dhcp.mdb database is 1.0 MB, I thought this ought to be plenty.

A Google on the second error led me to this article and the possible need to fix my dhcp.mdb file using jetpack.exe.  I have not done this yet as I am seeking some advice as to whether I should proceed since this is an OFFLINE operation.

Good news!  Since I cleared up some space on Tuesday, the network communications have not failed ("knock on wood").   I will be examining the logs further when I get a chance.  First, I have grading to do. 


Introduction

I am starting this blog to chronicle my adventures into "Server-land". Although I have other blogs, this one will be geared towards a more specific audience - those who "have" to function as administrators for schools and small-business environments, but for whom this is not the primary function of their job.

I am a Computer Teacher at a K-8 Catholic school in California serving 325 students and approximately 20 staff members. I consider myself to be a beginner network admin who wishes to learn more and share in my journey so that others can benefit. I seek to find reliable technologies for maintaining an effective and safe computing environment while, at the same time, staying within a shoestring budget. I will explore both open-source and mainstream solutions to meet these goals.

My hope is that, by sharing my lessons learned along my journey, we all will benefit from what I have learned and you will contribute your knowledge to the cause. Schools, like all of us, are facing difficult financial times and must examine all options that can meet our needs while providing the most bang-for-the-buck. That is not to say that I will be looking to open-source technologies simply because they are free. Since my primary job is teaching computers, any solution must work well and be easy to maintain, with a minimal amount of time spent keeping it running.

In the next couple of months, we will be replacing our Windows 2000 server (file/print sharing, proxy, firewall and content filtering, ISA 2004) and moving all but the file/print sharing functions off to another server, probably a Linux server. The file/print sharing services will be tasked to the new Windows 2008 Server. I am less familiar with Linux but my budget can no longer sustain the $1800 price tag for the annual content filtering subscription. I am learning that there are open-source solutions for proxy/firewall/content that will do an equal or better job of providing these services.

Do you have any solutions that you are currently using? Thoughts? Ideas? Please share them for the community so that we all can benefit. Leave a comment below. Thanks!