Very Computer

by **Sundial Service** » Thu, 04 Oct 2001 10:00:52

My client has finally realized what it means that he is able to see
dozens of Windows workgroups besides his own on his DSL link.

We've just finished putting on a Red Hat 7.1 server there ... but he
wants: instructions.

And these are the instructions that he wants: (I gather there are other
businesses he's involved with that are in the same boat.)

(1) Assume a Red Hat 7.1 box with two network cards. One is hooked to
a DSL line, which uses DHCP to obtain all network addresses. (Because
of this, the actual IP-addressed used on the high-speed internet side
may change from time to time. But the adapter used (eth0) does not.)

(2) The other network card will link to the local network. Red Hat
should act as a firewall between the two. Ideally, addresses on this
side could be configured automatically too (e.g. DHCP, WINS) but they
should be non-routable addresses entirely separate from the Internet.

(3) Give simple instructions for how to configure Red Hat 7.1 as the
necessary firewall.

(4) Give simple instructions for how to use Samba to act as a logon
domain controller for these (Windows 9x) workstations. Note that there
are no subnets, no NT-boxes, only a small-office full of computers.

When I got to thinking about this ... I realized that most of the stuff
that's easily obtainable with Red Hat Linux is anything BUT "simple."
Oh, the information is there, but it's not "simple." Yet, this task is
and should be commonplace .. simple.

And now I'm wondering: hasn't anyone written this _already? (And I
don't mean "HOWTO"s. :-))

If so, can someone point me quickly to the right URL?

[P.S. It's absolutely shocking how many "private" things were right
there for the peeking.]

by **John Mello** » Thu, 04 Oct 2001 10:53:05

www.pmfirewall.com/pmfirewall

Run the setup, answer the simple questions, and it will set up a good
static firewall for you with masquerading for the internal network. It
even adds the startup scripting into the rc.d ones, and handles
DHCP-assigned addresses transparently.

> My client has finally realized what it means that he is able to see
> dozens of Windows workgroups besides his own on his DSL link.

> We've just finished putting on a Red Hat 7.1 server there ... but he
> wants: instructions.

> And these are the instructions that he wants: (I gather there are other
> businesses he's involved with that are in the same boat.)

> (1) Assume a Red Hat 7.1 box with two network cards. One is hooked to
> a DSL line, which uses DHCP to obtain all network addresses. (Because
> of this, the actual IP-addressed used on the high-speed internet side
> may change from time to time. But the adapter used (eth0) does not.)

> (2) The other network card will link to the local network. Red Hat
> should act as a firewall between the two. Ideally, addresses on this
> side could be configured automatically too (e.g. DHCP, WINS) but they
> should be non-routable addresses entirely separate from the Internet.

> (3) Give simple instructions for how to configure Red Hat 7.1 as the
> necessary firewall.

> (4) Give simple instructions for how to use Samba to act as a logon
> domain controller for these (Windows 9x) workstations. Note that there
> are no subnets, no NT-boxes, only a small-office full of computers.

> When I got to thinking about this ... I realized that most of the stuff
> that's easily obtainable with Red Hat Linux is anything BUT "simple."
> Oh, the information is there, but it's not "simple." Yet, this task is
> and should be commonplace .. simple.

> And now I'm wondering: hasn't anyone written this _already? (And I
> don't mean "HOWTO"s. :-))

> If so, can someone point me quickly to the right URL?

> [P.S. It's absolutely shocking how many "private" things were right
> there for the peeking.]

by **Mike Ken** » Thu, 04 Oct 2001 13:15:20

> And now I'm wondering: hasn't anyone written this _already? (And I
> don't mean "HOWTO"s. :-))

http://www.linux-firewall-tools.com/linux/firewall/index.html

by **Mike** » Thu, 04 Oct 2001 22:15:35

(3) Go to freshmeat.net and grab IP Tables Tutorial
(4) Go to www.oreilly.com and grab Using Samba in PDF format.

Cheers,

Mike

by **Jim Thoma** » Thu, 04 Oct 2001 22:41:21

> My client has finally realized what it means that he is able to see
> dozens of Windows workgroups besides his own on his DSL link.

> We've just finished putting on a Red Hat 7.1 server there ... but he
> wants: instructions.

Sounds like a job for coyote linux.
http://coyotelinux.com/

I don't know what other services he's running on the RH7.1 box, so I'd
suggest setting up another machine (a 486 is sufficient) with coyote.

--
Jim Thomas ** Principal Applications Engineer ** Bittware, Inc

The secret to enjoying your job is to have a hobby that is even worse.
- Calvin's dad

by **Michael Austi** » Fri, 05 Oct 2001 11:06:49

Easiest solution. Buy a DSL Router/Hub (4 port minimum... can be
daisy-chained to handled 256 systems... that is, if you think you connection
could handle the throughput)

The router acts as a firewall (depending which one you get, they can drop
all inbound requests...) Does the PPPoE/A. they can't see you.... then use
file/print sharing to your hearts content. the router/hub also provides DHCP
and with some careful port-forwarding you can even run a web server. ( and a
dynamic DNS provider.. I use zoneedit.com and a perlscript called ddclient
to pull my current Linksys BEFSR41 WAN IP address assigned at connect time..
first 5 domains are free as long as they stay under 200Mb worth of DNS
request each (approximately 1,000,000 DNS requests). I have 6 systems (2
W98/ME, 2 Caldera Linux, and 2 Alpha 2100 OpenVMS systems. -- I use these
for the web servers because they are extremely difficult to hack. No
nimba/code red problem here. except for the log files filling up with over
50K attacks since Sept 18.)

Michael Austin
DBA Consultant
http://www.firstdbasource.com
http://www.spacelots.com -- a web hosting service coming soon...hopefully
later this week.