Hello again
Here is the second version of this setup. I have tried to include
the suggestions from yesterday. At the bottom I have included some
questions which come up in the discussion.
( NOTE: the changes begin with "Ver: 2", so we can do ASCII
configuration control. ;-) )
I appreciate the information provided about IP forwarding and Email
below. But I was looking for some more information about where to
start and what to do. So let me see if I can state what I think is
the correct attack. If something is missing or wrong, PLEASE correct
me. I will attempt to post a summary once I get this working.
Initial Setup:
I have three computers, one running Redhat Linux 6.0, and two
running Windows 95, all with new unconfigured installations. They
all contain ethernet cards, and the cabling is in place. The Linux
box has a modem attached to access the Internet. I have a dialup
connection to my ISP which uses dynamic IP addresses.
Configuration Steps:
1. Pick names for the computers, and a domain name for the
network. These are private names, so they are not registered to
appear on the Internet.
Ver 2.0: Comment: There was a suggestion to pick a machine.domain
name based on my ISP's domain, such as linux.jmoore.myisp.com .
I don't think this is useful since email must be masqueraded as
[EMAIL PROTECTED] and not [EMAIL PROTECTED] . Besides
it is more fun to pick your own domain name since it will not
resolve under DNS anyway.
2. Assign IP addresses to the machines using unrouted IP numbers
such as 192.168.10.1-3 .
3. Configure the Windows boxes, in the networking section of the
control panel, for their name, workgroup, fixed IP
addresses, Wins lookup, no DNS, and no Gateway. (I plan on using
Samba.)
Ver 2.0: create a hosts file on each Win 95 system which is a
copy of /etc/hosts on the Linux box. This allows internal name
resolution without configuring DNS. Set up the Linux box as the
gateway, in the Win95 Network config panel.
4. Configure the Linux box for its hostname, domain name, and IP
address. Create accounts on Linux for the users of the Windows
95 machines. Confirm that they have mail boxes on the Linux
machine.
5. Configure, start and test Samba. Configure Sendmail for Envelope
masquerading using ISP domain name, and relay of internal
systems. Configure the Windows 95 mail programs to use the Linux
box with IMAP. Set up a procmail filter if you want the Windows
users to have internet email. Send messages from each box to all
the users. Configure PPP and diald for Internet access from both
Linux and Windows 95. Check that the Windows 95 browsers can
access the internet through the Linux modem.
Ver 2.0: You need to define SMART_HOST in the sendmail config
file. In addition you should set up relaying for your internal
machines. Configure sendmail to make connections expensive,
`confCON_EXPENSIVE', `True'. Configuration information for
sendmail, procmail, and fetchmail is available at:
http://www.moongroup.com/unix/mailhelp.html
Ver 2.0: Netatalk is also nice if you want to allow any Macintosh
users LAN or Internet to access your machine.
6. Recompile the kernel to include IP Forwarding, set up IPchains to
protect the internet communication. Configure a Cron job to
exchange email with the ISP machine using fetchmail to get the
mail, with procmail filtering, and use sendmail -c to upload the
waiting email.
Ver 2.0: No need to do a recompile, since IP Forwarding is
already included. Configuration information on Linux is
available at the "Linux Administrator's Security Guide"
http://www.securityportal.com/lasg/ (this site seems like a lot
of good information, I just wonder if it would be overkill for a
new Linux admin?)
Questions:
1. How do I get the Win95 boxes to trigger a PPP connection to the
Internet? Some suggestions are: masqdialer, diald, and pppd.
Does anyone have experience with this configuration? I have read
that masqdialer is the way, but I have no experience.
2. Would a dialup user be better using a Proxy like Squid rather
than IPchains? I know that more security is better, but is a
Proxy overkill? What are the pros and cons to the different
levels of security for a dial-up user? I know firewalls are
COMPLEX to configure, like sendmail. But for sendmail Chuck Mead
at www.moongroup.com has done a good job of creating a cookbook
configuration.
3. What about allowing the Windows PC to use telnet, ftp, chat, and
real audio through the Linux box? Do these need some setup, or
can they simply work through the Linux interface to the Internet?
OK, what have I forgotten, overlooked, or missed?
Yes I know this is a long list, but I think many people might not know
what is involved in setting up this type of a system. The easier we
make it, the more people will catch on to the real power of Linux.
Help me get this right, and I will help spread the word.
Thanks
John Moore
Contributors: (Thanks)
[EMAIL PROTECTED]
Charles Galpin <[EMAIL PROTECTED]>
Chris Morton <[EMAIL PROTECTED]>
Kevin Diffily <[EMAIL PROTECTED]>
[EMAIL PROTECTED] (COXG1)
[EMAIL PROTECTED]
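Added example (not part of the original post, and not from any of the sites it links): an ipchains script for step 6 above, with default-deny forwarding and masquerading limited to the 192.168.10.x LAN. Assumed here: ppp0 as the dial-up interface, a /24 netmask, and the RUN switch, which is invented for this example; with RUN unset the commands are only printed for review.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: ppp0 is the dial-up
# interface and the LAN is 192.168.10.0/24. RUN is a switch invented here:
# unset = print the commands for review, RUN=1 = also execute them (as root).
EXT_IF="${EXT_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"

run() {
    echo "$*"
    if [ "${RUN:-0}" = "1" ]; then "$@"; fi
}

masq_rules() {
    # Start from empty chains and refuse to forward anything by default.
    run ipchains -F input
    run ipchains -F forward
    run ipchains -P forward DENY

    # Anti-spoofing: nothing arriving on the modem link may claim a LAN
    # or loopback source address. -l logs the dropped packet.
    run ipchains -A input -i "$EXT_IF" -s "$LAN_NET" -j DENY -l
    run ipchains -A input -i "$EXT_IF" -s 127.0.0.0/8 -j DENY -l

    # Samba listens on NetBIOS ports 137-139; keep them off the Internet side.
    for proto in tcp udp; do
        run ipchains -A input -i "$EXT_IF" -p "$proto" -d 0.0.0.0/0 137:139 -j DENY -l
    done

    # Masquerade only LAN-sourced traffic leaving through the modem link.
    # (In the forward chain, -i matches the outgoing interface.)
    run ipchains -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ

    # 2.2-kernel helper modules so FTP and RealAudio work when masqueraded.
    run modprobe ip_masq_ftp
    run modprobe ip_masq_raudio

    # Turn on forwarding last, once the rules are in place.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

masq_rules
```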