On 25 Aug 1999, Jake Colman wrote:

> My private network is a home office network with a linux box and two
> win98 boxes for the kids.  I want the link brought up whenever the kids
> or I need to access the internet (e.g., www, ftp, irc, AIM, icq).  There
> will be no restrictions on that. 

FTP and I think ICQ (and maybe IRC?) require special masquerading modules
(is this still true with kernel 2.2.x?), so that's one thing to watch for.
Otherwise a straightforward configuration will do this.

> As Ed is doing, I'd like to configure the link so that it does NOT come
> up for named or netbios packets or any other kind of routing packet.
> Once the link is up, I don't mind if my internal DNS server (not running
> yet) gets configured with packet traffic.  I also would not mind doing
> time synchronization once the link is established for regular internet
> access.

Block the netbios packets with firewall rules.  I don't run Win98 so I
can't help you with this.  See the archives to find out how.

DNS is already taken care of in the standard.filter.  You might want to
configure named to use port 53 instead of a high random port, I'm not sure
about this.  I sent the details in a previous message to the list.  Also,
in your ip-down script, I have found it helpful to restart named to ensure
that the cache is clean.  Finally, for extra protection, turn on
ip_dynaddr if you can.  Again, see the archives. 

Block NTP packets by adding an appropriate "ignore" line to the diald
filter file.  I don't have the details of my configuration handy, sorry.
If you have more linux boxes, or run NTP on the windows boxes, the
configuration is somewhat more complicated.

> Would it make sense, then, to go with diald and forgo pppd's more
> limited control?

I think so.  It works well for me, and really isn't too hard to set up
despite some of the problems we see on the list.  We just need an updated
FAQ.  If I get 5 minutes to breathe I might volunteer to put it together.
Can anyone recommend some good tools for it?  I'd prefer to do it in SGML
if possible.

> Also, I'd appreciate a copy of Ed's diald configuration script since I
> think it matches what I am going to try to do.

I'd be happy to send my configuration files, but I'm away from my
computer for a few days.  If you're still interested in seeing them, send
me a personal e-mail and I'll reply when I get home.

Ed


-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]