You have been a great help Suresh. Thanks and let me ask a few more
questions:
We have been running this machine as our LAN server in the office and
also as a dial-in BBS. It was earleir being used by upto 900+ people
(pre-internet days) which later came down to less than 50. Thanks to
MTNL, our telephones did not exist from April 2000 till last month and
hence even those users could not use it.
We want to start that service, even if it is for a few users only. This
service was and will remain free.
Also it works for us as dial-out server. It connects to net and the
whole LAN (5 + this one) are on net and the respective activities go on.
Mail -up & down; Ftp up & down; SSH etc. apart from browsing.
Your help is steps for whatever more should be done, once we go for the
DSL connectivity will be of great help.
We have some kinf of firewall there, perhaps it will need to be upgraded
to what you have suggested.
Thanks again, although just saying thanks is never sufficient.
Suresh Ramasubramanian wrote:
>
> Sudhir rearranged electrons thusly:
>
> > I suppose a firewall on RedHat 6.2 should be ok for this kind of
> > connection. And, how can I go for a static IP ?
>
> OK - here's a _very short_ howto on this
>
> 1. Do a custom install - and DONT INSTALL X WINDOWS / LINUXCONF. Leave only a
> skeleton set of services running here.
>
> 2. Upgrade nearly everything on that box (or install something like Mandrake
> 7.2, or preferably, Debian / Slak 7.1 / BSD, all of which have far more recent
> packages). Priority - upgrade the kernel (to 2.2.17 or 2.2.18), sendmail (to
> 8.11.2, or switch to exim / postfix / qmail), bind, the pop daemon etc.
> (ftp.redhat.com and other mirrors, such as my favorite
> download.sourceforge.net/pub/linux/redhat have an updates directory where you
> can get all this)
>
> 3. Chroot a few packages such as Bind and POP3
>
> 4. Use ipchains to restrict / block access to ports / services.
> http://www.linuxmafia.org (or .com I forgot) has an ipchains based firewall
> called GShield. Use it (and something like Bastille as well). To check for
> open ports, nmap / saint / satan scan your machine from outside.
>
> That should do for a start. Detailed howtos are a dime a dozen on the net, so
> I wont reinvent the wheel in this post.
>
> As for a static IP, it's easy - ask spectranet, pay a little extra possibly.
> Then bring up two eth cards on your box - one with a localnet (rfc 1918)
> address like 10.xx.xx.xx and the other with your public IP :)
>
> --suresh
>
> --
> Suresh Ramasubramanian <--> mallet <at> efn <dot> org
> EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
> "What separates normal people from kooks is how they react when people disagree
> with them or tell them "NO" <-- Ron Ritzman on news.admin.net-abuse.email
>
--
Phones : 91-11-6674684 & 85. Fax : 91-11-6674681-82-83
R-10,3rd fl.,Khidki Extn.,Malviya Nagar,N.Delhi 110017.INDIA
============================================================
Peace, Force & Joy! Sudhir Gandotra.
============================================================
!! Non-violence is for brave people, not the weak-hearted !!
============================================================
http://artindiaportal.com http://humanistmovement.org
============================================================
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
