Re: [newbie]Single Network Firewall, Xwindow Configuration Problem
Not sure where to ask this (Don't think there's an SNF Mail list and if there is, its hidden in some cave somewhere run by a Yogi who subsists on rice fish with my luck). Anyway... To the point of this email... or blunt end...whichever you prefer. I've successfully setup the SNF Distro that Mandrake (Kindly? Cruelly?) has made available to D/L. (As an aside, get Rid of that link for the HTML Installation guide! Its NOT THERE! Talk about a tease! sheesh...). Ahem, as i was saying, I d/led it got it installed. Teensy problem: I get the error: X-window settings error, X-window respawning too fast. Disabling X for 5 mins. (ARGH!?) OK so...Off to the web I go! (Sung to the tune of The Wizard of Oz)... Found the error: My stupid video card isn't properly enabled somehow (read: It needs help counselling...but i'm too stupid to provide hand holding). So, what to do? Well on a Normal Linux distro from MDK I just do a XFDrake -expert command on the CLI. Now, being a good little Penguin-in-training, I went to invoke this heartfelt command. ERROR: Command not found! BLARGH!? WTF? OK fine, theres gotta be another way... No Xsetup, Diskdrake, setup, X-anything!? ACK!? Couldn't find help files either!... hm... so... I'm stranded...? So... what to do? I d/led the PDF File (Useless futile gesture as that was)...hoping it would have something in it. Nada. So... I turn to you dear Warriors of Linux! Help a fellow Amazonian to overcome this heartbreaking Difficult period of Non-Guiness! If the points not been made clear enough, I want a GUI! Damnit! Call me a wimp, but I need it to set this shit up the command line ain't helping me. :) Ty much -- Femme Good Decisions You boss Made: We'll do as you suggest and go with Linux. I've always liked that character from Peanuts. - Source: Dilbert Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie]Single Network Firewall, Xwindow Configuration Problem
Dear Femme; All is well! Do not dispair! You must have missed the part - during the last page or two of the install regarding how to administer your firewall. Enhance your calm! Open a browser on a different machine, and point it to the IP address which you gave to SNF for your internal network card . For example; If your two network cards are configured properly by SNF, you will have two distinct addresses - 1 per card. They should be configured as eth0, and eth1. Since eth0 is usually configured as your public interface, your firewall will not allow you to connect to it by default, although you can modify this once you're in the GUI. That leaves eth1. If the IP Address of eth1 is 192.168.1.0, then you will point your browser to https://192.168.1.0:8443 . Notice the colon right between the IP address and the port number. 8443 is the default port for SNF, and usually works quite nicely. It is important to note that you must modify the IP address that you enter into your browser to match the IP address that you assigned to eth1 when you were installing. As a default, SNF also allows you to login directly on the machine with an ANSI GUI (Yuch! Ptewey!) to modify your settings, but it's quite a tedious way to get the job done. One more thing,...I would like to suggest that you re-install. But this time, when the install gives you a choice to install (Press Enter) or F1 (for other install options), select F1. At the prompt which follows, type the word expert and then press enter. You will get the same install GUI you're used to, but your options will be dramatically different! You will have the option to choose many of the packages which you do or don't want, which is something you don't get normally. If you do a conventional install (probably what you did) , the result will be a bunch of services running on SNF which you probably don't want like SMTP, and Telnet! Remember, use a different PC which is already a part of your network to connect to SNF. Be advised that it's not a very secure idea to run X on SNF, and that's why it's not installed by default. As a matter of fact, I'm not even sure that they include any desktop managers in it. Your GUI will be browser-based from other PC's, and will provide you a customized version of Webmin with Wizards to perform most functions, and an SSH terminal as well. Just make sure that you've got Java enabled on your browser. Hope this helps! If not, I suggest Valium! Grin! Grin! Lanman - Original Message - From: FemmeFatale [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 22, 2002 4:59 AM Subject: Re: [newbie]Single Network Firewall, Xwindow Configuration Problem Not sure where to ask this (Don't think there's an SNF Mail list and if there is, its hidden in some cave somewhere run by a Yogi who subsists on rice fish with my luck). Anyway... To the point of this email... or blunt end...whichever you prefer. I've successfully setup the SNF Distro that Mandrake (Kindly? Cruelly?) has made available to D/L. (As an aside, get Rid of that link for the HTML Installation guide! Its NOT THERE! Talk about a tease! sheesh...). Ahem, as i was saying, I d/led it got it installed. Teensy problem: I get the error: X-window settings error, X-window respawning too fast. Disabling X for 5 mins. (ARGH!?) OK so...Off to the web I go! (Sung to the tune of The Wizard of Oz)... Found the error: My stupid video card isn't properly enabled somehow (read: It needs help counselling...but i'm too stupid to provide hand holding). So, what to do? Well on a Normal Linux distro from MDK I just do a XFDrake -expert command on the CLI. Now, being a good little Penguin-in-training, I went to invoke this heartfelt command. ERROR: Command not found! BLARGH!? WTF? OK fine, theres gotta be another way... No Xsetup, Diskdrake, setup, X-anything!? ACK!? Couldn't find help files either!... hm... so... I'm stranded...? So... what to do? I d/led the PDF File (Useless futile gesture as that was)...hoping it would have something in it. Nada. So... I turn to you dear Warriors of Linux! Help a fellow Amazonian to overcome this heartbreaking Difficult period of Non-Guiness! If the points not been made clear enough, I want a GUI! Damnit! Call me a wimp, but I need it to set this shit up the command line ain't helping me. :) Ty much -- Femme Good Decisions You boss Made: We'll do as you suggest and go with Linux. I've always liked that character from Peanuts. - Source: Dilbert Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie]Single Network Firewall, Xwindow Configuration Problem
On Thursday 22 August 2002 04:59 am, you wrote: Not sure where to ask this (Don't think there's an SNF Mail list and if there is, its hidden in some cave somewhere run by a Yogi who subsists on rice fish with my luck). Anyway... To the point of this email... or blunt end...whichever you prefer. I've successfully setup the SNF Distro that Mandrake (Kindly? Cruelly?) has made available to D/L. (As an aside, get Rid of that link for the HTML Installation guide! Its NOT THERE! Talk about a tease! sheesh...). Ahem, as i was saying, I d/led it got it installed. Teensy problem: I get the error: X-window settings error, X-window respawning too fast. Disabling X for 5 mins. (ARGH!?) OK so...Off to the web I go! (Sung to the tune of The Wizard of Oz)... Found the error: My stupid video card isn't properly enabled somehow (read: It needs help counselling...but i'm too stupid to provide hand holding). So, what to do? Well on a Normal Linux distro from MDK I just do a XFDrake -expert command on the CLI. Now, being a good little Penguin-in-training, I went to invoke this heartfelt command. ERROR: Command not found! IIRC... this is becuase SNF is designed to be a no monitor needed box, and you MUST configure it via a web browser from inside the lan, connected to 192.168.0.1 BLARGH!? WTF? OK fine, theres gotta be another way... No Xsetup, Diskdrake, setup, X-anything!? ACK!? Couldn't find help files either!... hm... so... I'm stranded...? So... what to do? I d/led the PDF File (Useless futile gesture as that was)...hoping it would have something in it. Nada. So... I turn to you dear Warriors of Linux! Help a fellow Amazonian to overcome this heartbreaking Difficult period of Non-Guiness! If the points not been made clear enough, I want a GUI! Damnit! Call me a wimp, but I need it to set this shit up the command line ain't helping me. :) Ty much Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall
What kind of cards are they? I've never heard of a P166 handling one PCI NIC let alone 3 !! If these cards are in fact ISA, then it should support 1 or 2 but even so, I can't see it handling 3. Linux may detect them, but I'd be impressed if it could actually run that many at all. My home router runs FreeBSD 4.5 with 2 PCI network cards, in a 486/66. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Single Network Firewall
Quoting myself from 2 or 3 days ago. I happened to be just playing with one of my box hoping to make it into a firewall box in the last few days. It's a 133 with 96MB of RAM. I tried both Mandrake SNF and Smoothwall on it. I haven't played with it long enough to be an expert, thus what I know may not be all correct. With 3 NIC installed, you can setup Smoothwall with a dedicated DMZ. Both firewall can be managed with web interface, however, with this old machine I got, Smoothwall seems to generate the pages a bit faster than SNF. One of the problem I had with Smoothwall was with picking the LAN NIC. About 5 min into installation, a NIC for internal LAN (the green interface) has to be picked and it cannot be changed without reinstall (at least I haven't figured out how). If the card you want is not auto detected, you will have to pick from a list, not a problem if you have 3 identical NIC. I had 2 different kind of NIC and it kept picking the one I didn't want. Also, I don't know if this is the NIC module problem or something else, when I put 2 3Com 509b in the machine, I can only get one to work with both firewall. HTH Robin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fred Fraley Sent: Friday, February 22, 2002 7:04 PM To: [EMAIL PROTECTED] Subject: [newbie] Single Network Firewall Anyone here using it? I'm thinking about it for a 4 desktop home network with a cable connection. I have a 166mmx w/32 megs and a 3 gig HD laying around I can use. (laying around! and it was only last spring I was still getting by with a 486/25, 8 meg, 540 HD. Sheesh!!) Wide open to other suggestions. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall
On Sunday 24 February 2002 04:47 am, Robin wrote: Quoting myself from 2 or 3 days ago. I happened to be just playing with one of my box hoping to make it into a firewall box in the last few days. It's a 133 with 96MB of RAM. I tried both Mandrake SNF and Smoothwall on it. I haven't played with it long enough to be an expert, thus what I know may not be all correct. With 3 NIC installed, you can setup Smoothwall with a dedicated DMZ. Both firewall can be managed with web interface, however, with this old machine I got, Smoothwall seems to generate the pages a bit faster than SNF. One of the problem I had with Smoothwall was with picking the LAN NIC. About 5 min into installation, a NIC for internal LAN (the green interface) has to be picked and it cannot be changed without reinstall (at least I haven't figured out how). If the card you want is not auto detected, you will have to pick from a list, not a problem if you have 3 identical NIC. I had 2 different kind of NIC and it kept picking the one I didn't want. Also, I don't know if this is the NIC module problem or something else, when I put 2 3Com 509b in the machine, I can only get one to work with both firewall. If you have two or more network cards in your computer, you may need to add an append statement to your /etc/lilo.conf file to describe the IRQ and address of both cards. My lilo append statement looks like this: append=ether=12,0x300,eth0 ether=15,0x340,eth1 12 and 15 being the irq and 300 and 340 the base IO address You may need to add the third cad something like append=ether=12,0x300,eth0 ether=15,0x340,eth1 ether=irq,base_io,eth2 Earlier in one of my systems I had to recompile the kernel to recognize multiple NICs -- Gerald Waugh Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall
What kind of cards are they? I've never heard of a P166 handling one PCI NIC let alone 3 !! If these cards are in fact ISA, then it should support 1 or 2 but even so, I can't see it handling 3. Linux may detect them, but I'd be impressed if it could actually run that many at all. Lanman - Original Message - From: Gerald Waugh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, February 24, 2002 7:14 AM Subject: Re: [newbie] Single Network Firewall On Sunday 24 February 2002 04:47 am, Robin wrote: Quoting myself from 2 or 3 days ago. I happened to be just playing with one of my box hoping to make it into a firewall box in the last few days. It's a 133 with 96MB of RAM. I tried both Mandrake SNF and Smoothwall on it. I haven't played with it long enough to be an expert, thus what I know may not be all correct. With 3 NIC installed, you can setup Smoothwall with a dedicated DMZ. Both firewall can be managed with web interface, however, with this old machine I got, Smoothwall seems to generate the pages a bit faster than SNF. One of the problem I had with Smoothwall was with picking the LAN NIC. About 5 min into installation, a NIC for internal LAN (the green interface) has to be picked and it cannot be changed without reinstall (at least I haven't figured out how). If the card you want is not auto detected, you will have to pick from a list, not a problem if you have 3 identical NIC. I had 2 different kind of NIC and it kept picking the one I didn't want. Also, I don't know if this is the NIC module problem or something else, when I put 2 3Com 509b in the machine, I can only get one to work with both firewall. If you have two or more network cards in your computer, you may need to add an append statement to your /etc/lilo.conf file to describe the IRQ and address of both cards. My lilo append statement looks like this: append=ether=12,0x300,eth0 ether=15,0x340,eth1 12 and 15 being the irq and 300 and 340 the base IO address You may need to add the third cad something like append=ether=12,0x300,eth0 ether=15,0x340,eth1 ether=irq,base_io,eth2 Earlier in one of my systems I had to recompile the kernel to recognize multiple NICs -- Gerald Waugh Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall
SNF is advertised as a specialized secure distro for one connection outside the local lan (external to the world and internet), and ONE connection to the internal lan (_must_ be IP #192.168.0.1) On Sunday 24 February 2002 07:14, you wrote: On Sunday 24 February 2002 04:47 am, Robin wrote: Quoting myself from 2 or 3 days ago. I happened to be just playing with one of my box hoping to make it into a firewall box in the last few days. It's a 133 with 96MB of RAM. I tried both Mandrake SNF and Smoothwall on it. I haven't played with it long enough to be an expert, thus what I know may not be all correct. With 3 NIC installed, you can setup Smoothwall with a dedicated DMZ. Both firewall can be managed with web interface, however, with this old machine I got, Smoothwall seems to generate the pages a bit faster than SNF. One of the problem I had with Smoothwall was with picking the LAN NIC. About 5 min into installation, a NIC for internal LAN (the green interface) has to be picked and it cannot be changed without reinstall (at least I haven't figured out how). If the card you want is not auto detected, you will have to pick from a list, not a problem if you have 3 identical NIC. I had 2 different kind of NIC and it kept picking the one I didn't want. Also, I don't know if this is the NIC module problem or something else, when I put 2 3Com 509b in the machine, I can only get one to work with both firewall. If you have two or more network cards in your computer, you may need to add an append statement to your /etc/lilo.conf file to describe the IRQ and address of both cards. My lilo append statement looks like this: append=ether=12,0x300,eth0 ether=15,0x340,eth1 12 and 15 being the irq and 300 and 340 the base IO address You may need to add the third cad something like append=ether=12,0x300,eth0 ether=15,0x340,eth1 ether=irq,base_io,eth2 Earlier in one of my systems I had to recompile the kernel to recognize multiple NICs Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall, OT a min pls
If you need 2 or 3 nics in the machine with SNF that is not a problem, I can plug those into the switch too if that is the case! :) I'm resourceful what can I say? Femme Gerald Waugh wrote: On Sunday 24 February 2002 05:37 pm, FemmeFatale wrote: So... if i use SNF and connect it to a switch (intelligent HUB basically), would that works as the one internal connections!?? I tried Smoothwall...gah! that things a real pain in the ass to setup :( Plus i'm not sure my cables work :P Regardless, will my idea work pls.? I doubt it. SNF wants a DMZ, doesn't it. Internet | SNF ---DMZ - Web Server, Email Server, DNS | - Private LAN Requires a NIC for each. Now, am I right or am I wrong? -- Gerald Waugh Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall, OT a min pls
On Sunday 24 February 2002 06:06 pm, FemmeFatale wrote: If you need 2 or 3 nics in the machine with SNF that is not a problem, I can plug those into the switch too if that is the case! :) I'm resourceful what can I say? Can your switch do port forwarding and/ or NAT (masq)? -- Gerald Waugh Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall, OT a min pls
its a Dlink DSS8+ and on the webpage all i can find is: = Store and Forward switching scheme ensures data integrity Is taht what you meant?! NAT I don't know. Femme Gerald Waugh wrote: On Sunday 24 February 2002 06:06 pm, FemmeFatale wrote: If you need 2 or 3 nics in the machine with SNF that is not a problem, I can plug those into the switch too if that is the case! :) I'm resourceful what can I say? Can your switch do port forwarding and/ or NAT (masq)? -- Gerald Waugh Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall setup
If you have a spare low end Pentium machine and a couple of NICs lying around, you have liftoff. There are many firewall products you could use. I have found InteractiveBastille which comes with your Mandrake distro easy enough. Others have suggested that gShield is easier still. Basically the steps are: 1. Connect your firewall box (it's really about to become a router) to the main LAN on one card and to your private LAN on the other. You'll need a separate hub for your private LAN of course. 2. Setup the addresses on your private LAN to form a subnet. 192.168.0.x/255.255.255.0 would be a reasonable choice. 3. Setup the IP address on the NIC connecting the private side of your router machine to an address inside the private subnet (like 192.168.0.1) 4. Set the address on the public side to an address in the main network's space. (one of the addresses you are using now would presumably work). 5. Set the machines in the private LAN to see your router as their gateway. 6. Set a route on the router from the private LAN to the main LAN. 7. Set the firewall on the router to trust your private LAN and treat the main LAN as public and untrusted. You'll find that the default firewall settings for whatever you choose to use will probably go close to what you need. Note that this will of course break apps that do things like telneting from the main LAN into one of your machines, but then this is what you want! This is very general. If the are any more specific requirements, post a block diagram of how you expect to set it up with specific questions and I'm sure you'll get lots of help in response. Hope this gets you started. cheers Brian On Thu, 2002-02-21 at 00:54, [EMAIL PROTECTED] wrote: Hi guys I finally convinced the supervisors in my university research group that our windows machines are not very safe as they are...they are connected to the net 24 hours a day with a couple of ports always open...and the information on thos pc are quite important...I thought we could use the Mandrake Single Network FIrewall (or smoothwall) to create an internal network and connect to the rest of university network and to the external world through such a secure firewall can anyone give any help or suggestion on how to set it up correctly...the network technicians here are useless (otherwise they wouldn't have ste up a Windoze network in the first place!) thanks in advance Maurizio __ Abbonati a Tiscali! Con Tiscali By Phone puoi anche ascoltare ed inviare email al telefono. Chiama Tiscali By Phone all' 892 800http://byphone.tiscali.it Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall setup
On Wed, 20 Feb 2002 13:54:32 +, [EMAIL PROTECTED] wrote: Hi guys I finally convinced the supervisors in my university research group that our windows machines are not very safe as they are...they are connected to the net 24 hours a day with a couple of ports always open...and the information on thos pc are quite important...I thought we could use the Mandrake Single Network FIrewall (or smoothwall) to create an internal network and connect to the rest of university network and to the external world through such a secure firewall can anyone give any help or suggestion on how to set it up correctly...the network technicians here are useless (otherwise they wouldn't have ste up a Windoze network in the first place!) There's a very good chance that these machines have been compromised already. The only way to be sure that they are safe would be to wipe their hard drives clean and reinstall Windows. At the same time, implement the GNU/Linux firewall. A firewall is useless if the fire has already passsed it. -- Sridhar Dhanapalan Mac OS, Windows, BeOS: they're all just Xerox copies. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall 7.2
On Tuesday 19 February 2002 17:48, you wrote: i using this firewall, before this one i used smooth firewall, and all i can say is get the mandrake firewall, a really good one. look on the ftp server of mandrake for the iso version Has anyone used Single Network Firewall 7.2? I'm looking at a firewall system, and was wondering if this product was worth buying? Is there other solutions anyone would suggest? Thanks! = Dan Belkie Forzani Group LTD System Architect [EMAIL PROTECTED] Phone: 403.717.1400 ext 1642 Mobile: 403.605.6354 http://www.sportchek.ca http://www.sportchek.ca/ = Parts that don't exist can't break. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Single Network Firewall
On Tuesday 12 June 2001 19:54, Florian wrote: On Monday 11 June 2001 22:33, Florian wrote: Did anyone try it? Im thinking of using it as a router for our company we have a lan with 10 pcs and a novell server (ouch) but since our ElsaLancom (never buy it) chrashes every 10 minutes i was wondering if Single Network Firewall firewall is an possibly easy to use alternative? If i did all the networks stuff by myself i would use a MDK8 version but since there are people taking care of the networking who dont have experience with linux i like the idea of boot a cd install boot and hop were up. Another question is if there are possibillities of putting ssh etc. servers on the Single Network Firewall? Do i expect too much ... little? Florian OK i did it finally a few impressions : At first i had slight problems cause i have a cable connection and two nics in the firewall machine one 3com (pci) it worked fine and got detected right away its the one wich goes to my cablemodem, the second nick (icl etherteam 16i ISA) did not get detected by SNF and since SNF doesnt include hardware configuration tools and i dint want to write the config files by hand (ough) and mess around with the modules (at 3 o clock in the night!) i cancelled the attempt and went to sleep zzz* . Next day ... went to my supplier bought a tulip pci and it worked like a charm right away using expert install finally it got both nics and i could (like in any other MDK system) configure everything at the install prozess one nick for lan with static ip and one for the modem with dhcpcd. Boot and hop . The interface from any browser looks smooth and is pretty detailed although the status for bastille firewall is marked as unknown but it is enabled and filters everything nicenice you can configure all your needs from this interface. At one place (i think it was secure login config) you need to have a java enabled browser ... (konqueror didnt work even with java) but all other options dont need any java so konqueror is just fine (actually it rules!!!) ill do some tests now to have a look if it does its job well (nmap will tell me =)) . My impression is that its rocksolid and will never need a reboot also the monitor you can leave away after instalation is complete . An ssh server is included . Now i need a little more docs to find out all extras (sure there are a lot) for example port forwarding to internal services such as ftp http etc. I can strongly recommend to replace your ElsaLancom or any other hardware router with this cute little linux software router !!! Cheers ps: since the interface is https:// based use a pc with atleast 150mhz cpu and a little bit more ram for SNF it will go smoother . Mine is just that kind of machine and i feel that i wouldn use slower cause the interface worx but is not the fastest actually weird if i connect with konqueror to the firewall i get a 7.5KB/sec (over LAN ) thats too slow must be a mandrake8 prob. cause with IE5 it goes a lot quicker ... and to connect with ssh to the firewall takes about 2 mins before it finally asks for a pass ... any ideas? Florian That is a resolution problem on the delay--a resolver has to give up looking for nameservices to allow things to go through. And remember it is https and we all know how great the security is for IE5. Https sacrifices speed for security. There are also some interesting squid options, like putting popup ads into 1-pixel transparencies or just plain blocking things like doubleclick.net. Civileme
