On Fri, 22 Jun 2001, Randy Millis (Lists acct.) spewed into the ether:
> That sounds like hours of work though.:-) Not sure I'd know where to begin
> either. And there is always the question of what RPMs are safe to
> remove. How would one know that?
Not hours of work.
$ tar -zxvf package.tar.gz
$ cd package
$ ./configure
$ make
# make install
The biggest advantage of prepackaged rpms is that you don't need a
compiler on that machine to install them.
> Thanks I will look for that.
http://www.linuxdoc.org
> Now 6.2 or 7.1?
>
> - 6.2 is older (may be bad), but there may be more known issues with it
> than something brand new (may be good)
> - 7.1 has many fixes over 6.2 (may be good), but there are also new bugs
> introduced in a new version (may be bad). So what is the most logical
> choice? Or is my logic flawed???? :-)
I would suggest a 6.2 install, apply all necessary patches, then move
to 2.4, for iptables.
> > I suppose it's the easiest way and it'll help you avoid circling
> > cross-dependencies (RPM A needs RPM B needs RPM A...) that I've seen
> > with RedHat RPMs.
> Yes, this is SOOOOO frustrating!
Simple workaround: specify both on the command line.
RPM figures out what to do.
<snip>
> I had heard that IPSEC fails over NAT. Why is that?
NAT does packet header rewriting, which isn't liked by IPSEC.
> But, **do** I want to? Are there pros and cons to allowing NFS and
> SMB this way? Is there a better way?
Hmmm, how about simply using ssh?
<snip>
> - Is setting up a private IP network (192.X.X.X, 172.X.X.X
> 10.X.X.X) with NAT more secure as the private addresses are not routeable
> from the public internet?
Not necessarily so. A good set of f/w rules should stop most attacks,
and if the clients behind the f/w are windows machines, then keep a
ghost disk handy.
> What I don't understand is how I set up a firewall to protect a collection
> of hosts that are on the public internet now and have public addresses.
Ensure that they are on the same subnet, then define rules for that
subnet. Use Bastille.
<snip>
> How do I hide the hosts behind the firewall and still allow
> them to reach the internet?
/sbin/ipchains -s 0/0 -d 192.168.1.0/24 -j DENY
Hope this helps a bit.
Devdas Bhagat
--
Linux is obsolete
(Andrew Tanenbaum)
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
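
Added example, not part of the original message: a simplified AH-style integrity check showing why the NAT header rewriting mentioned in the reply breaks IPSEC authentication. It assumes HMAC-SHA1-96 over the IPv4 header (mutable fields zeroed) plus payload and leaves out the AH header itself; the key, addresses and payload are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header, no options
ICV_LEN = 12           # HMAC-SHA1 truncated to 96 bits

def checksum(header):
    """Ones'-complement IPv4 header checksum."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite(header, src=None, ttl=None):
    """Change fields as a router (TTL) or NAT box (source) would, then fix the checksum."""
    f = list(struct.unpack(FMT, header))
    if ttl is not None:
        f[5] = ttl
    if src is not None:
        f[8] = socket.inet_aton(src)
    f[7] = 0
    f[7] = checksum(struct.pack(FMT, *f))
    return struct.pack(FMT, *f)

def build_header(src, dst, payload_len):
    raw = struct.pack(FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, 51, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return rewrite(raw)  # fills in the checksum

def ah_icv(key, header, payload):
    """Integrity value over the header (mutable fields zeroed) and the payload."""
    f = list(struct.unpack(FMT, header))
    f[1] = f[4] = f[5] = f[7] = 0  # TOS, flags/fragment offset, TTL, checksum
    data = struct.pack(FMT, *f) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def demo():
    key, payload = b"constructed-demo-key", b"constructed payload"
    hdr = build_header("192.168.1.10", "198.51.100.7", len(payload))
    icv = ah_icv(key, hdr, payload)  # computed by the sender
    ok = lambda h: hmac.compare_digest(ah_icv(key, h, payload), icv)
    return {"original": ok(hdr),
            "ttl_decremented": ok(rewrite(hdr, ttl=63)),         # ordinary routing hop
            "source_nat": ok(rewrite(hdr, src="203.0.113.5"))}   # NAT rewrites source

if __name__ == "__main__":
    print(demo())
```

The receiver accepts the packet after a plain routing hop because TTL and checksum are excluded from the check, but rejects it once the source address has been translated.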