Darcy
Shawn Grover wrote:
So, is it safe to say then that ICS is suitable for most home network
situations? But not suitable for server hosting on a home network?
Either way Darcy, you've just justified the time/pain I spent getting
IPTABLES configured... THANKS!!!!!!!
(though I still have to lock it down better, and do some logging - but it's
working, that's what counts right now)
Shawn
-----Original Message-----
From: Darcy Brodie, CJL [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 19, 2003 6:10 PM
To: [EMAIL PROTECTED]
Subject: Re: (clug-talk) Personal experiene: Mandrake 9 on servers
via IPTABLES
Shawn Grover wrote:
But, did you do this through ICS, or via IPTABLES?
-----Original Message-----
From: Darcy Brodie, CJL [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 19, 2003 6:05 PM
To: [EMAIL PROTECTED]
Subject: Re: (clug-talk) Personal experiene: Mandrake 9 on servers
Hello all
I will comment on this with lots of personal experience (6 MDK boxes as firewall / servers in Calgary). Port forwarding is actually very easy in versions 8.0 on. I have managed to forward connections from just 1 remote IP address to an internal IP all the way to the entire internet having access to an FTP server behind the firewall.
Darcy
Shawn Grover wrote:
Did you happen to notice if the ICS will allow port forwarding from the
external network to a server on the internal net?
In my efforts to build a Linux firewall for my home network, I tried a few
of the floppy router packages (specifically Coyote and Freesco). These
packages were easy to setup and get going - if I only wanted to share my
internet connection with all the pc's on my internal network. However,
I'm trying to also host a web/ftp/mail server, so need to allow external
requests of an internal server. Unfortunately, the ease of use broke down
for these floppy packages once I tried to do port forwarding.
End result is that I'm now running RH8 with a minimal server install (no X
or other such stuff) - the only extra packages I specifically wanted was
Bind and VIM. After some pains trying to learn iptables (I still have a long
ways to go...), I have the router I'm after. Just need to fix up my DNS
issues now (I'll probably post more on this in the near future - I'm sure
I'll need help).
So, seeing your post Aaron, I'm curious if port forwarding is an option
for ICS?
Thanks for any info.
Shawn
-----Original Message-----
From: Aaron J. Seigo [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 11:58 PM
To: [EMAIL PROTECTED]
Subject: (clug-talk) Personal experiene: Mandrake 9 on servers
Hi...
in the last couple weeks some people have asked about sharing internet connections and setting up appropriate security measures on linux machines.
well, last night i decided to try out Mandrake 9 as a server. i've never used it for a server before, just desktop stuff, so i was interested in how it would do.
and it did wonderfully IMHO, and i would recommend it way above Red Hat for new users looking to set up a server. why? well, connection sharing and security are two good examples:
ICS: to set up internet connection sharing you go to the Mandrake Control Center, click on Network and then click on Internet Connection Sharing. this lets you launch a wizard that sets it up for you in 3 easy steps, 2 of which are informative messages letting you know what it is about to do. couldn't be simpler and it worked instantly. now, you can do this by hand of course, but this is often more than a new user is ready to learn and more than a busy person such as myself really cares to deal with.
Security settings: Sean Dockery commented how many UNIXes do things such as put su in the wheel group, allowing you to easily control such things, and noted that he hadn't noticed such settings. I replied that since such things are really only appropriate for production servers with sensitive data on them (for everyone else it's just a nuisance ;), most linux distros don't ship with those defaults. Enter MDK9.... I hadn't played much w/Mandrake's security level settings previously, but I decided this time to muck around a bit. By setting the security level to "high", I could control on a user-by-user basis who had access to rpm, su, /etc, service control and more... you can even add your own rules. there is a nice GUI to manage all this in the control center, but behind the scenes it works in a way that will be most familiar to most UNIX admins: namely, su is owned by the wheel group, and similar privsos are put on other resources.
so while MDK doesn't allow you to do anything you couldn't do on other distros such as RH, it does make it painfully easy and quick.
and the install is quite small, too. w/out any desktop stuff (though i did keep X on there so i can futz around with the control center tools some more) it used 450MB of disk. with a bit of urpme'ing i got that down easily to 380MB. still not the slimmest of the slim, but not bad for a user friendly distro. i'm sure if i ditched the X stuff it would've fallen close to, if not under, 300MB.
the urpm[ieq] tools definitely made managing the software a breeze compared to doing it with plain ol' rpm (much like doing things on debian w/out apt is a bother)
caveats to MDK9:
o since their tools are written in perl and therefore a bit slow and prone to the general shoddiness of script language tools, it seems there are some race conditions. you don't want to be multitasking admin jobs while using their tools, otherwise you may end up hanging apps (e.g. i managed to stall the ICS control panel this way and had to xkill it)
o rpmdrake doesn't show ALL the packages installed in the "remove software" control panel. this was annoying since they install a bunch of useless stuff like GNOME libs when i had not asked for them. i didn't want anything more than X + icewm + the MDK utils. things like ORBit didn't show up in the Remove Software panel, but did show up using rpm from the command line. i'm sure there's a way to tweak this (i just haven't looked into it yet), but it's a bit annoying that this is the default mode. bah.
o the text mode install is broken beyond belief. many of the steps get missed over, parts of screens (explanatory text and options) are missing, it's confusingly laid out, and there is no obvious way of backing up a step or two. obviously this isn't a priority to MDK, which is unfortunate. i wouldn't recommend installing MDK on a box that can't handle the GUI install mode.
but that's ok: i used the GUI install and the system is a paltry P90 w/32MB of RAM and an S3 video card w/1MB of VRAM. not a hotrod, but perfect for a firewall / fileserver. the GUI install worked beautifully w/out a hitch.
so i'd definitely recommend MDK9 to anyone looking to install and get learning as it really eases the learning curve and shortens the time needed to spend before having something useful...
- -- Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
"Everything should be made as simple as possible, but not simpler"
- Albert Einstein
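The thread above contrasts forwarding a port for just one remote IP address with opening it to the entire internet, and mentions locking the rules down and adding logging. The sketch below is an added example, not code from any of the posters: it prints the iptables rules for both cases so they can be reviewed before being applied. The function name, interface name and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: print (do not apply) iptables rules that
# forward one TCP port from the external interface to an internal server.

# port_forward_rules EXT_IF PORT INTERNAL_IP [SOURCE]
#   SOURCE limits the forward to one remote address or CIDR block;
#   leaving it out opens the port to the whole internet.
port_forward_rules() {
    ext_if=$1 port=$2 dest=$3 src=${4:-}

    # Validate every argument, since the output is meant to be run as root.
    case $ext_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    case $dest in
        ''|*[!0-9.]*) echo "bad internal address: $dest" >&2; return 1 ;;
    esac
    case $src in
        *[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
    esac

    match="-i $ext_if -p tcp --dport $port"
    if [ -n "$src" ]; then match="$match -s $src"; fi

    # Rewrite the destination before routing (NAT table).
    echo "iptables -t nat -A PREROUTING $match -j DNAT --to-destination $dest:$port"
    # Log each new forwarded connection, then let the flow through.
    echo "iptables -A FORWARD $match -d $dest -m state --state NEW -j LOG --log-prefix \"FWD-$port: \""
    echo "iptables -A FORWARD $match -d $dest -m state --state NEW,ESTABLISHED -j ACCEPT"
}

# Constructed sample values: eth0 external, web server at 192.168.1.10.
port_forward_rules eth0 80 192.168.1.10 203.0.113.7   # one remote address
port_forward_rules eth0 80 192.168.1.10               # anyone on the internet
```

Reply traffic from the internal server still needs a FORWARD rule accepting ESTABLISHED,RELATED packets in the other direction, and the kernel must have IP forwarding enabled.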
