In regards to the HOWTO documents, usually the most up-to-date versions can
be found on the LDP site, http://www.linuxdoc.org/. There is in fact a more
current IP Masquerade HOWTO than the one you pointed to located at the LDP
site. Also, according to the LDP site, it is now a HOWTO, not a mini-HOWTO.
Don Head
Linux Mentor
Wave Technologies
[EMAIL PROTECTED]
[AIM - Don Wave][ICQ - 18804935]
[IRC - EFnet, #WaveTech, Don-Wave]
-----Original Message-----
From: Jason Snyder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 11, 2000 9:42 PM
To: [EMAIL PROTECTED]
Subject: [Cooker] Suggestions for cable modem / (A)DSL users
While using a cable modem at home and Mandrake 6.1 I noticed a few
things that I think could use a change.
1. The Installer for Mandrake 6.1 seems to be optimized for a machine
that is on a private network and the default settings leave a bunch of
potentially dangerous services going (like ftpd and telnetd). It would
be nice if when selecting type of Installation (server, workstation,
custom) if there was also an option for "Stand Alone / Private Network"
and "Internet Connected" in a separate selection menu.
2. A more complete networking code and up to date documentation to go
with it. I found that setting up a little Linux-Mandrake based firewall
including such networking code as IP masquerading and packet filtering
was not all that difficult once reading the docs. When I went to set up
port forwarding I found the docs (IPCHAINS-HOWTO, Firewall-HOWTO,
IPCHAINS man page, and kernel documentation) didn't have up to date info
and pointed me in all of the wrong directions. I found some usable
documentation at
http://home.plutonium.net/~sjhill/mirrors/ipmasq/ipmasq-HOWTO-1.65-6.html.
I installed the ipmasqadm-0.4.1-1.i386.rpm on my system and used that to
set up port forwarding.
3. Strong crypto. I have noticed that at least in the past that Big
Brother doesn't like the idea of having strong crypto coupled with an
OS. When using a public network like the Internet and especially when
reading docs on the Internet on how to spoof other cable modems on your
segment I feel much more comfortable using something like SSH2 to
transmit passwords over the Internet. With what I have heard about
openssh 1.x and ssh 1.x, I don't feel all that comfortable using them.
I compiled ssh 2.0.13 onto my systems and even though I have had some
problems getting X to forward its ports transparently, I still feel more
comfortable with it. (I find that after writing programs all day with a
text editor at work, using the command line is pretty strait forward to
me for some reason.)
