
Re: Building a Network, long reply



sorry but i just couldn't help myself so here it goes:

>  But, in setting up the vanilla Win98 (if there is such a thing) for my
>  experiment, I had to 'name' the machine the same as the one the bubba
>  originally set up, set TCP/IP so DHCP will give it an IP addy and leave
>  all the rest of the TCP/IP settings blank (you know, no WINS, No DNS,
>  no Gateway, etc.
ok now if your dhcp client package is isc dhcp then you might need to add
something into the /etc/dhclient.conf file, there is a section that says "if
you are on an at&t at home service uncomment the line below and change the
hostname to your hostname", this is all you really have to do as far as isc
dhcp is concerned to work, (now this is speaking from the point of someone
who uses SuSE and OpenBSD for everything so red hat could be different, on
the suse firewall i just set up i didn't even use the at home hostname for
the real hostname the dhcp client took care of all the work after the slight
edit in the config)

>  Oh yeah, I recall I also set the workgroup to "@home" but not sure if
>  this was for NetBEUI internal use or not since I turned that protocol off
>  during the testing of cable connectivity requirements.
the only time you're going to see workgroup in the linux/unix world is if you're
running smb, and the only time you're going to use netbeui is on your local
network (it's not routable) even microsoft is disowning it as well as
netbios

>  I know the cable's server gave me an IP when I ran winipcfg.exe and
>  clicked on renew. I know that they change their DHCP server's IP
>  sometimes and their DNS servers (it's not the same as it was two months ago
>  when I wrote the IP's down), so I have to rely on their DHCP machine knowing
>  mine by only the machine name - but how would it get this name? Especially
>  if I set up the firewall blocking services...
very seldom do they ever change ip's, i've been running my openbsd firewall
at home for over 9 months and haven't seen an ip change yet (i keep sshd
running on the firewall to get to my internal network), the same is true for
dns servers ( i think mine have been 24.10.210.100 since i started), but
that doesn't matter because the dhcp client is taking care of that for me,
the firewall should not block this service (this is all in your firewall
rules, which i would recommend getting a good book on the logic behind
setting up firewall rules), i was real happy with setting up linux and
openbsd firewalls by wiley books, although it doesn't cover iptables but it
does give a lot of good insight into why you have a firewall and what you're
really trying to do with it, as for proxy i'm clueless if anyone could
suggest good material on setting up socks i would be happy as a lark

>  I may combine the firewall functionality into the router/proxy server
>  since it'll be dual-homed anyway and has to scrutinize packets anywayz...
>  this has always been one of those grey areas for me. I have a single switch
>  which will have all NICs connected - how can the firewall as in the diagram
>  filter stuff requested by a FTP or HTTP request from one of the internal
>  boxes if all the boxes are directly connected to the 192.168.x.1
>  proxy/router? Isn't proxy services similar to firewall services - it seems
>  logical (to me, but I could be out there...) that the two should be combined?
yes, combine the two and get a good book on firewall/proxy theory they are
very similar especially when natting/masquerading the only difference is
that a proxy is application level and knows what you're attempting to do and a
pure firewall/nat/masq box just knows that packets coming from these
ip's/range of ip's/ports are allowed to go out or come in depending on these
rules (whoa i think i just confused myself, just keep in mind it's all based
on rules which you decide how strict or lenient you wish to be)

>  OK, I'll be tearing apart the Win box and writing down all it's
>  particulars in a few minutes. I also plan to document my every move. I got
>  a few books handy and I plan to peruse Redhat's site a little on how to
>  create a floppy image and how to get the CD to work once I thrash (format)
>  the hard drive. I have both 7.2 images burned on CD now (I also have a
>  Slack 8 set burned, just in case something goes awry with RH).
oh that sounds like fun, especially the going with slackware if red hat
doesn't work (if i'm not mistaken red hat is supposed to be the easier of
the two, i haven't used slackware since v1.2 so i could be wrong)

>  And, once I got the initial install done and I begin the recompile to
>  customize networking to use my equipment by typing
>     make config
wow first slackware and now make config, do yourself a favor and use "make
menuconfig" it will probably save you a little frustration, remember remove
anything which you don't need from the kernel (this is arguable but for
instance you're not on isdn so don't have isdn support checked in the kernel,
etc. i've been told you get a performance increase with a smaller kernel)
then "make dep"
then "make bzImage"
then "make modules"
next "make modules_install"
finally config lilo to add in the new kernel as a second boot kernel (always
leave your old one as a backup in case you remove something you shouldn't
have you can boot to the old kernel and recompile)

>  What services are kernel level (answers I'll need to have for the config
>  questions) and what are module level? (I ask because I read about this
>  somewhere)
well this is one of those good kernel/module arguments that can start a
holy war, i like to throw everything in the kernel and use as few things as
possible for a firewall, but different folks different strokes, it's really
up to you.

> --Joe
>  with fingers crossed, hoping this will be a breeze
uncross your fingers, if it were a breeze then it wouldn't be any fun and we
wouldn't want to have anything to do with it :)

someone once told me when i first started using linux:
making things easy is the mac and M$ way the unix/linux way is to make
things more efficient, secure, and stable, easy we'll worry about later when
somebody has some spare time to throw at it.
and i think that still holds pretty true today

Bob T. Kat (today posing as Dr. Jeckle)

