Originally posted by egurski
If you set up a firewall, why would you want your files exposed?
A firewall can be run just using a bootable CD and IPTables. There are some discussions about using a firewall as a proxy (SQUID) server, but again I question why you would want anyone to know where you've been and where you're going.
My own firewall is just that. I have set it up to act as a router, so in my network it's set up something like this:
DNS, Proxy, Samba, F/P server, NTP, DHCP is 192.168.100.2
[snip only for saving bandwidth the info cut is good.]
I control all access via iptables using sc.firewall.
This sounds a lot like what I am trying to set up, but with lots of minor changes which have added up so as to make things not work. So, I have a lot of questions (Qs). One difference: the internet connection (Red side) is a dynamic pppoe connection. I am using rp-pppoe to connect, but it is not configured the way that I want with booting and restarting after KDE running with NTP, iptables, routing, and dyndns.org updating. I have learned part of these setups but don't seem to get them to work for all of these Qs.
When I say setup, I am wanting to know which files must be edited and what statements must be run, added, changed or removed, so as to get this to work and be secure with things like iptables. I have seen some dated How-to's; I have yet to see info that states what is needed for current versions, like FC1 or iptables. (Still add them to your replies for other readers so as to learn this stuff and to remind me, but do tell how it differs by version changes so as to fix my problems.)
My Qs are a lot, so copy the section that you want to answer, and make a new thread for what you want to write about, and please show how the part works with the relevant other Qs. Thanks.
Hardware setups: (all computers have a modem (as far as working order I do not know.))
P3-450: to be the computer that I use as a pc. Currently has all of Fedora Core 1 installed (currently having some problems with a KDE update from RH8.0). It has 2 NIC cards, CD-RW and most user software like OO. I have been updating the time from this machine from the internet after connecting and using RH 8.0's clock, program not working. Now that I am using FC I hope to set this up better. All packages for FC1 installed, would like to know which packages and server programs I do NOT need. Will continue to have normal harddrive boot not CD. Will be able to read log files, execute programs and other things of Ppro-150. No internet executables or SUers from the internet users allowed, unless done by dial-in. (Both Red and Green sides)
Ppro-150: has 1 NIC card, 1 G harddrive, 1 G Jaz drive and other stuff. Want to use the Jaz as a "live" backup drive. Can be the print server and NTP server if the setup will allow it; as for now the P3-450 will do that job. Will need NTP updates if it is not the server, runs part of RH 9.0 but I have not been able to "see" it on the LAN. I would like to have the boot cd method for this machine. Will always be on the (Green side, unless a tunnel for NTP is setup). Setup? How to write the CD when this machine does not have a CD-RW?
Win98 Laptop: will be able to connect from different places by internet, modem, and a LAN hub to the LAN. Will need NTP updates. (runs programs that Linux can't.) What safe and secure software to do these connections is needed on both ends? How to set up? (Both Red (over the net connect in) and Green at home)
(I do have 10 G hdrive to swap with the Win98 hddrive as to put Linux to this laptop. But I need a version which will run only one program at a time because of the real time requirements of a device I have. To be done later)
DOS laptop: only needs dial-in or serial port NTP updates by the LAN?? (Always green.)
The LAN is on 192.168.X.X
The software setups and wants (lots of Qs):
DNS: How to set this up for both sides of the firewall? (or do I need it on both?) How to setup routing for each computer too?
DHCP: do I need this with local DNS and pppoe? I don't think it will work over the internet with pppoe will it?
Proxy: I don't think I need a proxy (what use is it to me, clueless?) If I do need it, how do I set it up? If not, how to remove it and all files related to it but not dependent on other files.
Samba: (same Q's as DNS) setup for both sides?
F/P server: One side only for the printer (I don't want internet printing); As for files, setup for both.
Apache: which is working right now but is not secure. For personal web pages. (web pages will have to be edited, so not pressing.)
Webmin: is there something better, if not which machine to run it on?
NTP: Need a single server for the clients (whichever machine that will be.) I want this to work at boot time; I currently have an error
IPTables: what is the way to allow the different machines to work with the different
dynamic pppoe: How to set up to have automatic updates to dyndns.org. Also I want it to work with NTP and not allow any spoofing, hacking, etc. I want this to work at boot time; as of now I currently have an error.
SSH: I want this instead of FTP for doing things FROM the internet; FTP is fine for doing things TO the internet.
Mail: I would like a clean and secure method of collecting mail (from yahoo, sbc pop3 in/ , and a personal web site to be made) and sending it to a "server" which holds the mail and archives it. If this can be done on the same machine that I read mail
Lan Users: (how to set this all up?)
Root (of course) but only as needed.
SU a user to do the things, and change things like root without using root.
ME a common user which does not have much more than internet use, and running programs that are not SU stuff, can run SU to be a SU. Can only login locally.
iME (for internet connections) same as ME as stated but will not be able to have SU powers. Can only login from the internet.
Any help will be great!!!!