Hi folks, I got wvdial.dod working with the German version from suse.de. Thanks for the link. Now what's next? DHCP?? IP masq??? Firewall?? Which order do I start with? I do know the SuSE DHCP is buggy; where do I get the one that works? Anyone have a URL? Which needs to be set up first, DHCP, or does IP masq need to be running first? On IP masq, is this done via YaST or the kernel? I assume that firewalling is last? Via ipchains, yes? Via YaST or kernel? Anyone have that web address that sets ipchains up? Does it work with YaST/SuSE?
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
At 12:31 PM 04/02/2000 +0000, Samy Elashmawy
Hi folks,
Hi Samy. :-) Looks like I get a chance to repay the favor and help you with some system configurations.
I got wvdial.dod working with the German version from suse.de. Thanks for the link.
Now what's next?
DHCP?? IP masq??? Firewall??
Well, I'll tell you what I did, provide some examples, and maybe this will give you a quicker start. It sounds like you're preparing a firewall/dialout box that connects you to the internet whenever one of your machines on your internal network needs IP services/a connection to the internet. (and from your next message):
Oops, forgot to add: using SuSE USA 6 CD distro, dial-up modem with wvdial.dod, external modem on COM 1, 10 megabit ne200 compatible ethernet as eth0, firewall/ipmasq/dhcp set IP as 10.20.30.9, while the other machines have their IPs set as 10.20.30.1....4, and dial-up gets its IP address from the ISP on each new dial-in, with a new IP on each new dial-in.
Ok, the examples I'm going to provide use the standard for a class c internal network on 192.168.1.*, with a mask of 255.255.255.0. I'll leave it to you to change that to 10.20.30.*, with the appropriate mask.
Which order do I start with?
Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP daemon) that you want to control what addresses the machines on your internal network receive. Your dialout connection will provide you with an address for your ppp0 link when you connect, so that angle is already taken care of.
From now on, I'll refer to your dialout/firewall machine simply as the firewall.
My internal network has the following setup:

My firewall has eth0 configured as 192.168.1.1. It runs DHCPD to feed addresses to my other machines on my internal trusted network. I have four machines on the internal network: "fileserv", "agtiger", "bronze", and "twilight". DHCPD is configured to recognize the NIC card's hardware addresses and provide static IP's based on that. I also have a dynamic range of addresses available for unrecognized machines that hook to my network (ie, a friend brings their box over and wants to hook to my network quickly and easily).

"fileserv" is my fileserver and gets address 192.168.1.10
"agtiger" is a linux/win98 dual boot workstation and gets address "192.168.1.101"
"bronze" is a win95 workstation and gets address "192.168.1.102"
"twilight" is a win98 workstation and gets address "192.168.1.103"
Lastly, new machines I don't recognize get addresses between "192.168.1.200" and "192.168.1.220" inclusive.

Let's start with DHCP. Using Yast, install "dhcp" out of series n (Network-Support (TCP/IP, UUCP, Mail, News))

You'll then need to edit your /etc/dhcpd.conf

Here's my /etc/dhcpd.conf

= = = cut here, /etc/dhcpd.conf begins, cut here = = =
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.200 192.168.1.220;
    option domain-name "coolnet.net";
    option domain-name-servers 192.168.1.1;
    option routers 192.168.1.1;
    option ip-forwarding on;
    option netbios-name-servers 192.168.1.10;

    host dialout {
        hardware ethernet 00:A0:CC:34:D1:1B;
        fixed-address 192.168.1.1;
        option host-name "dialout";
    }

    host fileserver {
        hardware ethernet 00:50:04:AC:2A:B0;
        fixed-address 192.168.1.10;
        option host-name "fileserver";
    }

    host agtiger {
        hardware ethernet 00:A0:CC:34:8A:B8;
        fixed-address 192.168.1.101;
        option host-name "agtiger";
    }

    host bronze {
        hardware ethernet 00:A0:CC:34:8A:BA;
        fixed-address 192.168.1.102;
        option host-name "bronze";
    }

    host twilight {
        hardware ethernet 00:A0:CC:34:D1:2A;
        fixed-address 192.168.1.103;
        option host-name "twilight";
    }
}
= = = cut here, /etc/dhcpd.conf ends, cut here = = =

Let's look at the top part in more detail:

subnet 192.168.1.0 netmask 255.255.255.0
  - This indicates I'm running a class c network using an address guaranteed not to cause problems if the packets were to leak to the internet since routers should know not to pass packets with these addresses.

range 192.168.1.200 192.168.1.220;
  - This is for any machine that connects to my internal network for which I have not defined a static address based on the network card's unique hardware address.

option domain-name "coolnet.net";
  - I needed something for an internal domain, so I used my ISP's domain name. I don't have a static IP or dedicated connection to the internet.

option domain-name-servers 192.168.1.1;
  - I run bind8 on my firewall machine so that reverse ARP lookups from one internal network machine to another don't trigger a dialup connection. (Thanks to Marc Heuse at suse.de for pointing out how to fix that problem!)

option routers 192.168.1.1;
  - This tells my internal machines that the firewall is their router.

option ip-forwarding on;
  - This tells my internal machines to use ip forwarding.

option netbios-name-servers 192.168.1.10;
  - This tells my internal MSWindows based workstations that an NBNS/WINS server runs on the network, and it lives at 192.168.1.10 (my file server). My windows workstations think they're logging into an NT server.

And now, let's look at one of the host sections:

host fileserver
  - A unique name for this host section/machine

hardware ethernet 00:50:04:AC:2A:B0;
  - The hardware/MAC address for the specific card in this machine.

fixed-address 192.168.1.10;
  - The address I want to assign to this machine when it asks for one.

option host-name "fileserver";
  - A host name to assign to this machine.

On to the SuSEfirewall 2.1 configuration:

SuSEfirewall can be downloaded from: http://www.suse.de/~marc/SuSEfirewall-2.1.tar.gz

Extract it into a directory, change to that directory, and run the INSTALL script.

    ./INSTALL

Edit your /etc/rc.config file, and either add, or ensure the following line is present:

    START_FW="yes"

Here are the changes I made to /etc/rc.firewall, based on the SuSEfirewall 2.1 package installation:

FW_DEV_WORLD="ppp0"
  - This is the device that the internet is connected at.

FW_DEV_INT="eth0"
  - This is the device that connects to the internal trusted network

FW_ROUTE="yes"
  - Activates routing between the internal and internet (and the dmz, which I don't have activated)

FW_MASQUERADE="yes"
  - Masquerade the internal network addresses.

FW_MASQ_NETS="192.168.1.0/24"
  - The internal network masqueraded addresses, complete with netmask (/24).

FW_SERVICES_EXTERNAL_TCP="domain"
FW_SERVICES_EXTERNAL_UDP="domain"
  - Allow domain name service on the external side

FW_SERVICES_INTERNAL_TCP="telnet ftp ssh domain icq netbios-ns netbios-dgm netbios-ssn"
FW_SERVICES_INTERNAL_UDP="domain netbios-ns netbios-dgm"
  - I'm pretty lenient with the internal workstations.

    For TCP/IP, I allow workstations access through the firewall for:
    = telnet (self explanatory)
    = ftp (self explanatory)
    = ssh (secure shell)
    = domain (dns)
    = icq (Mirabilis' ICQ chat program. This requires a special addition to /etc/services that I'll cover later)
    = netbios-ns, netbios-dgm, and netbios-ssn - these are for samba services I'm running on the internal side of the firewall. (A printer lives on my firewall and other machines print to it).

    For UDP, I allow workstations access through the firewall for:
    = domain (dns)
    = netbios-ns and netbios-dgm (samba)

FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
  - Used to say just "dns", but the firewall script complained that it wanted it to be "yes" if I was running a bind8/dns server.

(The next three settings go together, so even though I'm not changing one, I'll still mention it)

FW_SERVICE_DNS="yes"
  - Needs to be yes for running a local bind8/dns server.

FW_SERVICE_DHCLIENT="no"
  - I never changed this. You might think you need "yes" here, but that's not what you want if you're using wvdial to connect to an ISP. wvdial will make the appropriate changes. You'd set this to yes if you were connecting your local sub-net into a larger address, and the firewall machine got its primary address from another dhcp server.

FW_SERVICE_DHCPD="yes"
  - You need this set to yes since you're running DHCPD to provide addresses to the machines on your internal trusted network.

Now, I mentioned a small change to /etc/services to allow for ICQ:

At the very end, add this:

    #
    # Entry for ICQ
    #
    icq             4000/tcp
    icq             4000/udp

That allows you to reference "icq" as a TCP or UDP service in /etc/rc.firewall. :-)
I do know the SuSE DHCP is buggy; where do I get the one that works? Anyone have a URL?
I've found it to work, try my configuration above.
Which needs to be set up first, DHCP, or does IP masq need to be running first?
Well, I'd get the firewall running first, then put in DHCPD. Yesterday I helped Jon Pennington install both simultaneously so he'd have a dedicated firewall.
On IP masq, is this done via YaST or the kernel?
IP Masquerading is done via IPChains rules, set up by the SuSEfirewall package.
I assume that firewalling is last? Via ipchains, yes? Via YaST or kernel? Anyone have that web address that sets ipchains up? Does it work with YaST/SuSE?
The nice thing about SuSEfirewall 2.1 is that it handles the IPChains rules for you. This was a problem I had understanding this phase of it until I'd set it up a few times. Marc Heuse (marc@suse.de) has made the SuSEfirewall package a joy to set up and very easy to use.

You _might_ have to make changes to the kernel configuration to get your firewall working correctly. Under /usr/src/linux, when I do a "make menuconfig", I have the following options you might find useful.

Networking Options --->
  < > CIPE: encrypted IP-in-UDP tunneling
  <*> Packet socket
  [*] Kernel/User netlink socket
  [*] Routing messages
  <*> Netlink device emulation
  [*] Network firewalls
  [ ] Network security (ENskip support)
  [ ] Socket Filtering
  <*> Unix domain sockets
  [*] TCP/IP networking
  [ ] IP: multicasting
  [*] IP: advanced router
  [*] IP: policy routing
  [ ] IP: equal cost multipath
  [*] IP: use TOS value as routing key
  [*] IP: verbose route monitoring
  [ ] IP: large routing tables
  [ ] IP: fast network address translation
  [ ] IP: kernel level autoconfiguration
  [*] IP: firewalling
  [*] IP: firewall packet netlink device
  [*] IP: use FWMARK value as routing key
  [*] IP: transparent proxy support
  [*] IP: masquerading
  --- Protocol-specific masquerading support will be built as modules.
  [*] IP: ICMP masquerading
  --- Protocol-specific masquerading support will be built as modules.
  [*] IP: masquerading special modules support
  <M> IP: ipautofw masq support (EXPERIMENTAL)
  <M> IP: ipportfw masq support (EXPERIMENTAL)
  <M> IP: ip fwmark mas-forwarding support (EXPERIMENTAL)
  [*] IP: optimize as router not host
  [ ] IP: tunnelling
  [ ] IP: GRE tunnels over IP
  [*] IP: aliasing support
  [ ] IP: ARP daemon support (EXPERIMENTAL)
  [*] IP: TCP syncookie support (not enabled per default)
  --- (it is safe to leave these untouched)
  [*] IP: Reverse ARP
  [*] IP: IP: Allow large windows (not recommended if <16Mb of memory)
  < > The IPv6 protocol (EXPERIMENTAL)
  ---
  < > The IPX protocol
  < > Appletalk DDP
  < > CCITT X.25 Packet Layer (EXPERIMENTAL)
  < > LAPB Data Link Driver (EXPERIMENTAL)
  [ ] Bridging (EXPERIMENTAL)
  [ ] 802.2 LLC (EXPERIMENTAL)
  < > Acorn Econet/AUN protocols (EXPERIMENTAL)
  < > WAN router
  [ ] Fast switching (read help!)
  [ ] Forwarding between high speed interfaces
  [ ] CPU is too slow to handle full bandwidth

QoS and/or fair queueing --->
  [*] QoS and/or fair queueing
  <M> CBQ packet scheduler
  < > CSZ packet scheduler
  <M> The simplest PRIO pseudoscheduler
  <M> RED queue
  <M> SFD queue
  <M> TEQL queue
  <M> TBF queue
  [*] QoS support
  [*] Rate estimator
  [*] Packet classifier API
  <M> Routing table based classifier
  <M> Firewall based classifier
  <M> U32 classifier
  <M> Special RSVP classifier
  < > Special RSVP classifier for IPv6
  [*] Ingres traffic policing

*phew*, this was a lot of typing. I hope it helps you and others out. :-)
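Added example, not part of the original message or of the SuSEfirewall package: a Python lint that checks every name listed in the FW_SERVICES_* settings described above against an /etc/services table (the reason the icq entry has to be added by hand), flags an assignment whose quote is never closed, and lists what is exposed on the external side. The sample inputs and all function names are constructed for illustration; accepting a bare port number without lookup is an assumption.

```python
"""Lint SuSEfirewall-style FW_SERVICES_* settings against an /etc/services table."""
import re
import shlex

# Constructed sample, modelled on the settings quoted in the message above.
RC_FIREWALL = '''\
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_SERVICES_EXTERNAL_TCP="domain"
FW_SERVICES_EXTERNAL_UDP="domain"
FW_SERVICES_INTERNAL_TCP="telnet ftp ssh domain icq netbios-ns netbios-dgm netbios-ssn"
FW_SERVICES_INTERNAL_UDP="domain netbios-ns netbios-dgm"
'''

# Constructed /etc/services excerpt WITHOUT the icq lines the message adds by hand.
SERVICES = '''\
ftp             21/tcp
ssh             22/tcp
telnet          23/tcp
domain          53/tcp    nameserver
domain          53/udp    nameserver
netbios-ns      137/tcp
netbios-ns      137/udp
netbios-dgm     138/tcp
netbios-dgm     138/udp
netbios-ssn     139/tcp
'''
ICQ_LINES = "icq             4000/tcp\nicq             4000/udp\n"

SERVICE_VAR = re.compile(r"FW_SERVICES_(EXTERNAL|INTERNAL)_(TCP|UDP)")
SHELL_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_services(text):
    """Return {(name_or_alias, proto): port} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0], *fields[2:]]:
                table[(name, proto.lower())] = int(port)
    return table


def parse_rc(text):
    """Read NAME="value" assignments line by line; report lines a shell would misparse."""
    settings, problems = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError as exc:  # unbalanced quote: a shell would swallow later lines
            problems.append(f"line {number}: {exc}")
            continue
        for token in tokens:
            name, sep, value = token.partition("=")
            if sep and SHELL_NAME.fullmatch(name):
                settings[name] = value
    return settings, problems


def audit(rc_text, services_text):
    """List quoting errors and service names that have no entry for their protocol."""
    settings, findings = parse_rc(rc_text)
    known = parse_services(services_text)
    for var in sorted(settings):
        match = SERVICE_VAR.fullmatch(var)
        if not match:
            continue
        proto = match.group(2).lower()
        for service in settings[var].split():
            # Assumption: a bare port number needs no lookup.
            if not service.isdigit() and (service, proto) not in known:
                findings.append(f"{var}: '{service}' has no {proto} entry")
    return findings


def external_exposure(rc_text):
    """Services reachable from the internet-facing side, as sorted 'name/proto' strings."""
    settings, _ = parse_rc(rc_text)
    exposed = set()
    for var, value in settings.items():
        match = SERVICE_VAR.fullmatch(var)
        if match and match.group(1) == "EXTERNAL":
            exposed.update(f"{s}/{match.group(2).lower()}" for s in value.split())
    return sorted(exposed)


if __name__ == "__main__":
    for finding in audit(RC_FIREWALL, SERVICES):
        print("FINDING", finding)
    print("external:", external_exposure(RC_FIREWALL))
```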
Long post, will take it home and study it. I see that you are also using DHCP to pass out IPs?? Right?
Looks like I get a chance to repay the favor and help you with some system configurations.
No problem, one hand helps the other, and you never know what/who is next. Linux camaraderie to the max.
DHCP?? IP masq??? Firewall??
Well, I'll tell you what I did, provide some examples, and maybe this will give you a quicker start.
Wow, lots of detail here.
It sounds like you're preparing a firewall/dialout box that connects you to the internet whenever one of your machines on your internal network needs IP services/a connection to the internet.
Correct, hit the nail on the head.
Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP daemon) that you want to control what addresses the machines on your internal network receive. Your dialout connection will provide you with an address for your ppp0 link when you connect, so that angle is already taken care of.
Confusion here. DHCP is used to get the ISP's IP address that it assigns to you each time you dial into it and start a connection. It then somehow passes/swaps/or whatever it does this server-assigned address with the IP masq configuration that expects the same IP address all the time.
My internal network has the following setup: My firewall has eth0 configured as 192.168.1.1. It runs DHCPD to feed addresses to my other machines on my internal trusted network. I have four machines on the internal network: "fileserv", "agtiger", "bronze", and "twilight". DHCPD is configured to recognize the NIC card's hardware addresses and provide static IP's based on that. I also have a dynamic range of addresses available for unrecognized machines that hook to my network (ie, a friend brings their box over and wants to hook to my network quickly and easily).
Now here's where I start getting confused. You are using DHCP to pass out IP numbers based on hardware settings? MAC address or what? Do they get a different one each time? I currently have set each machine with an IP address in YaST that does not change. Then I have added the IP address and host names to the host file on each machine. Starting to be a pain in the butt with 5 boxes. Know of something easier?
"fileserv" is my fileserver and gets address 192.168.1.10 "agtiger" is a linux/win98 dual boot workstation and gets address "192.168.1.101" "bronze" is a win95 workstation and gets address "192.168.1.102" "twilight" is a win98 workstation and gets address "192.168.1.103" Lastly, new machines I don't recognize get addresses between "192.168.1.200" and "192.168.1.220" inclusive.
This is neat for file copying etc...
Let's start with DHCP. Using Yast, install "dhcp" out of series n (Network-Support (TCP/IP, UUCP, Mail, News)
wvdial.dod makes a connection each time it's needed, and each time it is assigned a different IP number, so I understand that DHCP is what grabs the number and with some magic gets IP masq/forwarding to use it instead of a hard-coded permanent number? Already installed along with ipchains and ipmasqad packages. I just don't know how to use them and what order.
You'll then need to edit your /etc/dhcpd.conf
OK, DHCPD, that's some sort of daemon like wvdial.dod, right? So before I go further I need to figure out the DHCP setup, as right now my machines are hardcoded. Seems neat to use DHCP to pass the IP address out as needed each time. You mentioned DHCP will assign a permanent IP based on hardware? MAC address, right? ipconfig to get this? Don't want to get into it halfway and then decide to change things around.

What is involved in setting DHCP to pass them out based on hardware, then leave a range for temp add-ins? Can this be done in YaST? Or is this the kind of thing that you end up doing out of YaST and then must update the config outside of YaST? How do you point the clients win/linux to grab the IP address from the DHCP server? Is this the same one that handles the firewalling/dial-up etc...? Is that secure to have it on the same dial-up server? I segmented the firewall/dial-up box onto a separate one to keep it segmented from the Samba server. JP or George Toft strongly recommended the bastion approach to keep the bad stuff away.

Regarding the firewalling, why the one from the SuSE web site? How's it different from what's on the CD set? Dial-up connections suck for big downloads? What's ICQ? I also note you're tackling all this from outside of YaST? Why? YaST too simplistic?
At 03:48 PM 04/02/2000 +0000, Samy Elashmawy
long post , will take it home and study it.
That's a good idea. I wanted you to have something you could print out and use as a reference when making your changes.
I see that you are also using DHCP to pass out IPs?? Right?
To answer your question briefly, yes. I use package 'dhcp' which is a DHCP Daemon (DHCPD) to hand out addresses to the machines on my internal network.

There are two packages you can install under series 'n' in yast: "dhclient" and "dhcp".

'dhclient' is the DHCP client.
Its configuration file is /etc/dhclient.conf
It is loaded at boot time only if the following setting is present in /etc/rc.config:

    DHCLIENT="yes"

Its job is to get an address from another machine's DHCP server. Your dialup firewall does NOT need to run the 'dhclient' package (the dhcp client). wvdial will get your address for you when you connect, assign it to your "ppp0" interface, and modify your routing table accordingly.

'dhcp' is the DHCP server/daemon, which I sometimes call DHCPD.
Its configuration file is /etc/dhcpd.conf
It is loaded at boot time only if the following setting is present in /etc/rc.config:

    START_DHCPD="yes"

Its job is to provide addresses to other machines wanting to get ip addresses. You need to run this package somewhere on your network, either on your firewall, or on another machine.
Wow, lots of detail here.
I try to be complete.
It sounds like you're preparing a firewall/dialout box that connects you to the internet whenever one of your machines on your internal network needs IP services/a connection to the internet.
Correct, hit the nail on the head.
Ok, piece of cake, my examples I provided in the last post should be very useful to you, since I pulled them off my firewall machine that works exactly how you want yours to. :-)
Ok, let's start with DHCP. I'm going to assume you mean DHCPD (the DHCP daemon) that you want to control what addresses the machines on your internal network receive. Your dialout connection will provide you with an address for your ppp0 link when you connect, so that angle is already taken care of.
Confusion here. DHCP is used to get the ISP's IP address that it assigns to you each time you dial into it and start a connection. It then somehow passes/swaps/or whatever it does this server-assigned address with the IP masq configuration that expects the same IP address all the time.
You don't need to worry about the dhcp client software. wvdial.dod and wvdial will take care of this for you when you connect to the internet. It will get an ip address to bind to the "ppp0" device, and will modify the routing table accordingly.
My internal network has the following setup: My firewall has eth0 configured as 192.168.1.1. It runs DHCPD to feed addresses to my other machines on my internal trusted network. I have four machines on the internal network: "fileserv", "agtiger", "bronze", and "twilight". DHCPD is configured to recognize the NIC card's hardware addresses and provide static IP's based on that. I also have a dynamic range of addresses available for unrecognized machines that hook to my network (ie, a friend brings their box over and wants to hook to my network quickly and easily).
Now here's where I start getting confused. You are using DHCP to pass out IP numbers based on hardware settings? MAC address or what? Do they get a different one each time?
I am using the DHCP Daemon (ie, DHCPD, configured via /etc/dhcpd.conf) to pass out addresses to my internal workstations. The firewall will provide a specific predetermined address if it recognizes the mac address of the card on the workstation making the request. It will provide a variable address from 192.168.1.200 to 192.168.1.220 if it does NOT recognize the mac address of the card on the workstation making the request.

The firewall is configured to use 192.168.1.1 on eth0, always. This can be configured through yast:

System Administration -> Network configuration -> Network base configuration

    Number  Active  Type of network  Device name  IP address
    [0]     [x]     Ethernet         eth0         192.168.1.1

If you press <return> on that line, you'll get a configuration screen. Here's what mine looks like:

    Type of network: eth0
    IP address of your machine: 192.168.1.1
    Netmask (usually 255.255.255.0): 255.255.255.0
    Default gateway address (if required):
    IP address of the Point-to-Point partner:

The file server is to use a variable address assigned by running the dhcp client on eth0. This can be configured through yast:

System Administration -> Network configuration -> Network base configuration

    Number  Active  Type of network  Device name  IP address
    [0]     [x]     Ethernet         eth0         dhcpclient

If you press <return> on that line, you'll get a configuration screen. Here's what mine looks like:

    Type of network: eth0
    IP address of your machine: 192.168.1.10
    Netmask (usually 255.255.255.0): 255.255.255.0
    Default gateway address (if required): 192.168.1.1
    IP address of the Point-to-Point partner:

Now, you might be wondering, if you specified an IP address here, how does my file server get an address through the dhcp client? Select < Continue >, and return to the previous screen. Select "F3=Auto IP" and then < DHCP >. Now the machine will get its address from the DHCP server on the network (the firewall). :-)

My windows workstations are configured to get their addresses from the firewall in this way:

From the "Start" menu:
    [Start] [Settings] [Control Panel] [Network]
    Highlight the TCP/IP entry for your card
    Click the <Properties> button
    Select: Obtain an IP address automatically
I currently have set each machine with an IP address in YaST that does not change.
You can do this if you want, you don't _have_ to run a dhcp server or the dhcp client on each machine in that event.
Then I have added the IP address and host names to the host file on each machine. Starting to be a pain in the butt with 5 boxes. Know of something easier?
Yes, if you run the bind8 package on the firewall, and set up your hosts file there, the firewall will help other machines on your network by looking up addresses first in its /etc/hosts file, and then by connecting to the internet and resolving the address via another server.
OK, DHCPD, that's some sort of daemon like wvdial.dod, right?
DHCPD is the DHCP Daemon/server. You run it on your firewall to provide network addresses to machines on your internal network.
So before I go further I need to figure out the DHCP setup, as right now my machines are hardcoded.
That would be a great place to start. :-)
Seems neat to use DHCP to pass the IP address out as needed each time. You mentioned DHCP will assign a permanent IP based on hardware? MAC address, right? ipconfig to get this?
Correct, except that the command you want to use is 'ifconfig'. Here's the output of ifconfig on my file server (192.168.1.10):

    root@fileserv:/home/agtiger > ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:50:04:AC:2A:B0
              inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2912 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4492 errors:0 dropped:0 overruns:0 carrier:0
              collisions:1277 txqueuelen:100
              Interrupt:18 Base address:0xe000

The hardware address you want to reference in the firewall's /etc/dhcpd.conf file is the "HWaddr 00:50:04:AC:2A:B0" part. Obviously, your 6 hexadecimal digits will be different. :-)
Can this be done in YaST? Or is this the kind of thing that you end up doing out of YaST and then must update the config outside of YaST?
I think the DHCP server (/etc/dhcpd.conf) on the firewall needs to be set up manually, not in YaST.
How do you point the clients win/linux to grab the IP address from the DHCP server?
See above. :-)
Is this the same one that handles the firewalling/dial-up etc...?
The firewall has a static address bound to eth0. (See above) The other machines have variable addresses, assigned by DHCPD on the firewall.
Is that secure to have it on the same dial up server ?
I can only answer that by saying "maybe". It's not visible from the "ppp0" interface, so it *should* be safe.
I segmented the firewall/dial-up box onto a separate one to keep it segmented from the Samba server. JP or George Toft strongly recommended the bastion approach to keep the bad stuff away.
*nod* I can only tell you how I run my setup. I have to have a reasonable amount of trust in my firewall to make my internal machines invisible from the outside, otherwise what's the point of running a firewall? :-)
Regarding the firewalling, why the one from the SuSE web site? How's it different from what's on the CD set?
It's more up to date than the one on the CD set, it has more options, and in my opinion, runs better. It also allows for running a dhcp server on the same machine you're running a firewall on. Version 1.4 didn't allow for that.
Dial-up connections suck for big downloads?
I heartily agree. However, SuSEfirewall 2.1 is a small package.
What's ICQ?
It's a small chat program/net pager application created by Mirabilis, and now owned/operated by AOL.
I also note you're tackling all this from outside of YaST? Why? YaST too simplistic?
Yast doesn't allow for configuration of everything to do something this large. Yast can't manage SuSEfirewall, and I don't think it manages the DHCP server configuration. I administer my systems with a combination of YaST, and editing config files directly.

Oh, one last thing, if you edit the /etc/rc.config file directly, don't forget to run "SuSEconfig" afterwards. YaST runs that after you change settings. :-)

Hope this helped,
Argentium
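Added example, not part of the original message: a Python check of the MAC-based reservations described above. It pulls the HWaddr field from ifconfig output, renders a host block in the same shape as the ones in the thread, and flags reservations that sit inside the dynamic range, fall outside the subnet, or reuse a MAC or address. The sample config and all function names are constructed for illustration; the guest1 and stray hosts are deliberately wrong entries.

```python
"""Consistency checks for MAC-based reservations in a dhcpd.conf subnet block."""
import ipaddress
import re

# Constructed sample: the first two hosts use values from the thread, the last two
# are deliberately wrong entries added for this example.
DHCPD_CONF = '''
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.200 192.168.1.220;
    host fileserver { hardware ethernet 00:50:04:AC:2A:B0; fixed-address 192.168.1.10; }
    host agtiger    { hardware ethernet 00:A0:CC:34:8A:B8; fixed-address 192.168.1.101; }
    host guest1     { hardware ethernet 00:a0:cc:34:8a:b8; fixed-address 192.168.1.210; }
    host stray      { hardware ethernet 02:00:00:00:00:01; fixed-address 10.20.30.4; }
}
'''

# Constructed to match the ifconfig layout shown in the message above.
IFCONFIG_OUT = '''\
eth0      Link encap:Ethernet  HWaddr 00:50:04:AC:2A:B0
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
'''

MAC_RE = r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}"
SUBNET = re.compile(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)")
RANGE = re.compile(r"range\s+([\d.]+)\s+([\d.]+)\s*;")
HOST = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
HWLINE = re.compile(r"hardware\s+ethernet\s+(" + MAC_RE + r")\s*;")
FIXED = re.compile(r"fixed-address\s+([^\s;]+)\s*;")


def hwaddr_from_ifconfig(text):
    """Pull the 'HWaddr xx:xx:xx:xx:xx:xx' field out of old-style ifconfig output."""
    match = re.search(r"HWaddr\s+(" + MAC_RE + r")", text)
    return match.group(1).upper() if match else None


def host_stanza(name, mac, address):
    """Render one reservation in the same shape as the host blocks in the thread."""
    ipaddress.ip_address(address)  # raises ValueError on a malformed address
    if not re.fullmatch(MAC_RE, mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return (f"host {name} {{\n    hardware ethernet {mac.upper()};\n"
            f"    fixed-address {address};\n    option host-name \"{name}\";\n}}\n")


def check_conf(text):
    """Return findings for one subnet block with a dynamic range and host entries."""
    subnet, pool = SUBNET.search(text), RANGE.search(text)
    if not (subnet and pool):
        raise ValueError("expected a subnet declaration with a range")
    net = ipaddress.ip_network("/".join(subnet.groups()))
    low, high = (ipaddress.ip_address(a) for a in pool.groups())
    findings, macs, addresses = [], {}, {}
    for name, body in HOST.findall(text):
        hw, fixed = HWLINE.search(body), FIXED.search(body)
        if not (hw and fixed):
            findings.append(f"{name}: missing hardware ethernet or fixed-address")
            continue
        mac = hw.group(1).lower()  # MAC comparison must ignore case
        address = ipaddress.ip_address(fixed.group(1))
        if address not in net:
            findings.append(f"{name}: {address} is outside subnet {net}")
        elif low <= address <= high:
            findings.append(
                f"{name}: {address} is inside the dynamic range {low}-{high}")
        if mac in macs:
            findings.append(f"{name}: MAC {mac} is already reserved for {macs[mac]}")
        if address in addresses:
            findings.append(
                f"{name}: {address} is already reserved for {addresses[address]}")
        macs.setdefault(mac, name)
        addresses.setdefault(address, name)
    return findings


if __name__ == "__main__":
    print(host_stanza("fileserver", hwaddr_from_ifconfig(IFCONFIG_OUT), "192.168.1.10"))
    for finding in check_conf(DHCPD_CONF):
        print("FINDING", finding)
```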
Snipped a lot of stuff.
It's more up to date than the one on the CD set, it has more options, and in my opinion, runs better. It also allows for running a dhcp server on the same machine you're running a firewall on. Version 1.4 didn't allow for that.
Will download it and install it via YaST. Thanks for the added info.
I also note you're tackling all this from outside of YaST? Why? YaST too simplistic?
Yast doesn't allow for configuration of everything to do something this large. Yast can't manage SuSEfirewall, and I don't think it manages the DHCP server configuration. I administer my systems with a combination of YaST, and editing config files directly.
How do you keep it all in sync between the two, i.e. hand-edited files and YaST admin? Ah ha. Makes sense now. With my limited time, I have always tried to use YaST whenever I can! I try to avoid hand-coded stuff, as YaST likes to overwrite sometimes, and that means I need to keep copies. resolv.conf always disappears on me, and xf86config gives really precise settings. Give it the right numbers (do your homework first) and it works like a charm.
Oh, one last thing, if you edit the /etc/rc.config file directly, don't forget to run "SuSEconfig" afterwards. YaST runs that after you change settings. :-)
Will do.
Hope this helped, Argentium
Samy Elashmawy
Will download it and install it via YaST. Thanks for the added info.
No problem. :-)
How do you keep it all in sync between the two, i.e. hand-edited files and YaST admin?
Well, I'll hand edit rc.config and then run SuSEconfig afterwards for some things, and I tend to edit other configuration files that YaST either doesn't manage at all, or that I can tell YaST *not* to manage by setting certain settings in rc.config.
Ah ha. Makes sense now. With my limited time, I have always tried to use YaST whenever I can!
Using YaST makes good sense, it does a lot of the grunt work for you in a variety of areas. :-) I just love to mess around at the lower level too.

Take care,
Argentium
Argentium,
Thanks for taking the time to write this well-documented
email - and for posting to the list for everyone's benefit!
I can really understand and appreciate the detail of the
information you provided. This will be a great help!
Also, thanks to everyone else who unselfishly provide much
needed info!
My hat's off to all of you!!!
Thanks,
jrh
<snip>
-----Original Message-----
From: Argentium G. Tiger [mailto:agtiger@coolnet.net]
Sent: Sunday, April 02, 2000 5:29 PM
To: suse-linux-e@suse.com
Cc: Samy Elashmawy
Subject: Re: [SLE] IP Masq / DHCP / Firewalling (Reply:
LONG!)
At 03:48 PM 04/02/2000 +0000, Samy Elashmawy
long post , will take it home and study it.
That's a good idea. I wanted you to have something you could print out and use as a reference when making your changes...
Thanks for taking the time to write this well-documented email - and for posting to the list for everyone's benefit! I can really understand and appreciate the detail of the information you provided. This will be a great help!
You're quite welcome. I'm glad it was useful to you. :-)

Thanks for the kind comments,
Argentium
* Argentium G. Tiger (agtiger@coolnet.net) [20000402 21:45]:
Argentium,
when posting in the future, please limit the line length to approx. 75
chars. This makes reading a mail in text mode readers much easier and also
eases quoting.
Philipp
--
Philipp Thomas
At 04:42 AM 04/03/2000 +0200, Philipp Thomas
when posting in the future, please limit the line length to approx. 75 chars. This makes reading a mail in text mode readers much easier and also eases quoting.
Thanks for letting me know about the Philipp, I had turned word-wrap off in Eudora a while back when I was trying to post the wvdial.dod script for someone. I've got it turned back on now. Let me know if it's not automatically wordwrapping. (Eudora won't matter shortly, I'm switching my email over from the windows desktop to the KDE desktop. Do you know a really good X email client (or KDE) that has a whole whack of features including a powerful filtering set?)
I use exmh. It has been around for a long long time, and is based on MH which has been around for a much longer time. You have a choice of using either MH's filtering (maildrop) or using procmail. With either your incoming email drops into the desired folder. In the mh model, folders are directories, and each individual email is a separate file. One real advantage is that you can use many of the standard Unix tools, like find and grep. Another advantage is that you can use the text based mh tools if you decide to telnet into your system. On 4 Apr 2000, at 10:41, Argentium G. Tiger wrote:
At 04:42 AM 04/03/2000 +0200, Philipp Thomas
wrote: when posting in the future, please limit the line length to approx. 75 chars. This makes reading a mail in text mode readers much easier and also eases quoting.
Thanks for letting me know about the Philipp, I had turned word-wrap off in Eudora a while back when I was trying to post the wvdial.dod script for someone. I've got it turned back on now. Let me know if it's not automatically wordwrapping.
(Eudora won't matter shortly, I'm switching my email over from the windows desktop to the KDE desktop. Do you know a really good X email client (or KDE) that has a whole whack of features including a powerful filtering set?)
-- Jerry Feldman Contractor, eInfrastructure Partner Engineering 508-467-4315 http://www.testdrive.compaq.com/linux/ Compaq Computer Corp. 200 Forest Street MRO1-3/F1 Marlboro, Ma. 01752