On Saturday 26 July 2003 10:14, Jose Victor A. Martin, Jr. wrote:
> 1. I'm wondering why pppd isn't being loaded at startup. I don't want to
> have to login as root just to run it. I want the computer to be
> functioning as a gateway a few seconds after somebody switches it on.

there are many ways to do this.

1) start it (whatever it is, pppd directly, or your script that calls
pppd, etc) in rc.local. edit /etc/rc.d/rc.local (this is where it would
be in mandrake, but mandrake is very similar to RH, so it should also
work in RH). somewhere in there, call your pppd script or just type in
the whole pppd command.

2) i prefer wvdial to pppd. if you can, use wvdial. it's much simpler to
set up. if it works, stay with that. if it doesn't work (i.e., you've got
a weird ISP, i had a problem like that once :), go back to using pppd.

3) i actually prefer to call wvdial (or, pppd, i used to do that long
ago, when i didn't know about wvdial yet) from /etc/crontab. what i do
is, i have a script that does something like:

    #!/bin/bash
    # the pipeline exits non-zero when no wvdial process is listed
    ps auxw | grep wvdial | grep -v grep
    if [ $? != 0 ]
    then
        wvdial
    fi

or something similar. what that does is, check if wvdial is running. if
it is, then the script just exits. if it isn't, then it starts wvdial.
i then run this script from cron, maybe calling it every five minutes,
but you can call it every minute if you want, it's not that expensive.
this is because, sometimes pppd *will* die (mainly due to phone line
problems, or because someone picks up the phone or turns off the modem
[my dialup line doesn't have a phone attached at all]).

once you've edited /etc/crontab to have that script be run at some given
interval, you would do:

    service crond reload

(or service crond stop;service crond start). that tells crond to reload
the edited crontab file.

> 2. I need a secure IPTABLES firewall script that allows outgoing access
> for a few select users.

uh. that probably needs more specification. do your select users have
fixed IP numbers? if not, then your firewall script will have to be
dynamically configured (whenever those users get online, somehow you run
a script that gives them whatever access rights you want.)
i've done stuff like this, but you'll need to provide more information so
that those of us who can help you can give you better targeted advice.

> 3. I also need a secure firewall for my fileserver which is running Samba
> under RH 7.3 also. I hope someone here can help me get started.

whom do you want to secure it against? you want to provide Samba access
only to certain LAN clients? or are there dialup clients too? i take it
you don't want to provide Samba access to everyone on the internet?

Samba has access control features where you can configure what IPs or
subnets can access it. i use webmin to configure that. also you could
just edit the interfaces section of /etc/samba/smb.conf (on my box, that
file might be elsewhere on yours, use find / -name smb.conf to find it).
on my box, i have:

    interfaces = 202.84.105.0/255.255.255.0 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0

so only IPs in those subnets can access Samba.

of course, if you want to block samba at the firewall too, then you can
use IPtables. the relevant ports are:

    tcp: 139
    udp: 137 and 138

so something like:

    # ACCEPT rules go first: iptables stops at the first rule that matches
    iptables -A INPUT -s <allowed_ip/netmask> -p tcp --dport 139 -j ACCEPT
    iptables -A INPUT -s <allowed_ip/netmask> -p udp --dport 137 -j ACCEPT
    iptables -A INPUT -s <allowed_ip/netmask> -p udp --dport 138 -j ACCEPT
    # everything else aimed at the Samba ports is dropped
    iptables -A INPUT -p tcp --dport 139 -j DROP
    iptables -A INPUT -p udp --dport 137 -j DROP
    iptables -A INPUT -p udp --dport 138 -j DROP

i think maybe /etc/hosts.deny and /etc/hosts.allow might help you too.
but i don't use that, preferring iptables instead.

WARNING: those are off the top of my head. man iptables and play with
them (or, as someone else has suggested, google is your friend) to find
the right magical incantations that will work right for you.

> "This e-mail is confidential and may also be privileged.

uh. if you post to a mailing list, it will be archived and will be
searchable from the web. so these warnings are void when posting to
public lists :).

tiger

--
Gerald Timothy Quimpo  gquimpo*hotmail.com tiger*sni*ph
http://bopolissimus.sni.ph
an xcdngl nntrstng jrnl
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"

Veritas liberabit vos.
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
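
The Samba port filtering discussed in the message above, as an added example that is not part of the original post: a generator that prints the iptables commands for a list of allowed sources so the order can be reviewed before anything is applied. The function names `valid_src` and `samba_rules` are hypothetical; it assumes the built-in `INPUT` chain and the three ports named in the message, and relies on iptables stopping at the first matching rule.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not run them.
# Ports are the ones listed in the message: tcp 139, udp 137 and 138.

# Shape check only (octet ranges are not verified): dotted quad with an
# optional /prefix or /dotted netmask. Anything containing characters
# other than digits, dots and slashes is rejected before the regex runs.
valid_src() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]{1,2}|([0-9]{1,3}\.){3}[0-9]{1,3}))?$'
}

# samba_rules SRC... : emit ACCEPT rules for every allowed source, then
# the catch-all DROP rules. With -A (append), the ACCEPTs must be emitted
# first or the DROPs would match before them and nothing would get in.
samba_rules() {
    [ $# -gt 0 ] || { echo "samba_rules: no allowed sources given" >&2; return 1; }
    # Validate everything up front so a bad argument yields no partial output.
    for sr_src in "$@"; do
        valid_src "$sr_src" || { echo "samba_rules: bad source: $sr_src" >&2; return 1; }
    done
    for sr_src in "$@"; do
        for sr_spec in "tcp 139" "udp 137" "udp 138"; do
            echo "iptables -A INPUT -s $sr_src -p ${sr_spec% *} --dport ${sr_spec#* } -j ACCEPT"
        done
    done
    for sr_spec in "tcp 139" "udp 137" "udp 138"; do
        echo "iptables -A INPUT -p ${sr_spec% *} --dport ${sr_spec#* } -j DROP"
    done
}

# Sample run with two of the LAN subnets quoted in the message.
samba_rules 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
```

After reviewing the printed commands, run them as root on the file server and confirm the resulting order with `iptables -L INPUT -n --line-numbers`.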
