Did you happen to notice if the ICS will allow port forwarding from the external network to a server on the internal net?

In my efforts to build a Linux firewall for my home network, I tried a few of the floppy router packages (specifically Coyote and Freesco). These packages were easy to set up and get going - if I only wanted to share my internet connection with all the PCs on my internal network. However, I'm trying to also host a web/ftp/mail server, so need to allow external requests of an internal server. Unfortunately, the ease of use broke down for these floppy packages once I tried to do port forwarding.

End result is that I'm now running RH8 with a minimal server install (no X or other such stuff) - the only extra packages I specifically wanted were Bind and VIM. After some pains trying to learn iptables (I still have a long ways to go...), I have the router I'm after. Just need to fix up my DNS issues now (I'll probably post more on this in the near future - I'm sure I'll need help).

So, seeing your post Aaron, I'm curious if port forwarding is an option for ICS?

Thanks for any info.

Shawn

-----Original Message-----
From: Aaron J. Seigo [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 11:58 PM
To: [EMAIL PROTECTED]
Subject: (clug-talk) Personal experience: Mandrake 9 on servers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi...

in the last couple weeks some people have asked about sharing internet connections and setting up appropriate security measures on linux machines.

well, last night i decided to try out Mandrake 9 as a server. i've never used it for a server before, just desktop stuff, so i was interested in how it would do. and it did wonderfully IMHO, and i would recommend it way above Red Hat for new users looking to set up a server. why? well, connection sharing and security are two good examples:

ICS: to set up internet connection sharing you go to the Mandrake Control Center, click on Network and then click on Internet Connection Sharing.
this lets you launch a wizard that sets it up for you in 3 easy steps, 2 of which are informative messages letting you know what it is about to do. couldn't be simpler and it worked instantly. now, you can do this by hand of course, but this is often more than a new user is ready to learn and more than a busy person such as myself really cares to deal with.

Security settings: Sean Dockery commented how many UNIXes do things such as put su in the wheel group, allowing you to easily control such things, and noted that he hadn't noticed such settings. I replied that since such things are really only appropriate for production servers with sensitive data on them (for everyone else it's just a nuisance ;), most linux distros don't ship with those defaults. Enter MDK9.... I hadn't played much w/Mandrake's security level settings previously, but I decided this time to muck around a bit. By setting the security level to "high", I could control on a user-by-user basis who had access to rpm, su, /etc, service control and more... you can even add your own rules. there is a nice GUI to manage all this in the control center, but behind the scenes it works in a way that will be most familiar to most UNIX admins: namely, su is owned by the wheel group, and similar privsos are put on other resources.

so while MDK doesn't allow you to do anything you couldn't do on other distros such as RH, it does make it painfully easy and quick.

and the install is quite small, too. w/out any desktop stuff (though i did keep X on there so i can futz around with the control center tools some more) it used 450MB of disk. with a bit of urpme'ing i got that down easily to 380MB. still not the slimmest of the slim, but not bad for a user friendly distro. i'm sure if i ditched the X stuff it would've fallen close to, if not under, 300MB.
the urpm[ieq] tools definitely made managing the software a breeze compared to doing it with plain ol' rpm (much like doing things on debian w/out apt is a bother)

caveats to MDK9:

o since their tools are written in perl and therefore a bit slow and prone to the general shoddiness of script language tools, it seems there are some race conditions. you don't want to be multitasking admin jobs while using their tools, otherwise you may end up hanging apps (e.g. i managed to stall the ICS control panel this way and had to xkill it)

o rpmdrake doesn't show ALL the packages installed in the "remove software" control panel. this was annoying since they install a bunch of useless stuff like GNOME libs when i had not asked for them. i didn't want anything more than X + icewm + the MDK utils. things like ORBit didn't show up in the Remove Software panel, but did show up using rpm from the command line. i'm sure there's a way to tweak this (i just haven't looked into it yet), but it's a bit annoying that this is the default mode. bah.

o the text mode install is broken beyond belief. many of the steps get missed over, parts of screens (explanatory text and options) are missing, it's confusingly laid out, and there is no obvious way of backing up a step or two. obviously this isn't a priority to MDK, which is unfortunate. i wouldn't recommend installing MDK on a box that can't handle the GUI install mode.

but that's ok: i used the GUI install and the system is a paltry P90 w/32MB of RAM and an S3 video card w/1MB of VRAM. not a hotrod, but perfect for a firewall / fileserver. the GUI install worked beautifully w/out a hitch.

so i'd definitely recommend MDK9 to anyone looking to install and get learning as it really eases the learning curve and shortens the time needed to spend before having something useful...

- --
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43

"Everything should be made as simple as possible, but not simpler"
    - Albert Einstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+Kkxh1rcusafx20MRAnmrAJ9u5i/rQ96RCo6xI0QrErHR0+2XSACgippf
7VVvF1gesGk36vpGthVcsnw=
=qmeN
-----END PGP SIGNATURE-----
