Re: [newbie] DHCP, Firewall and Proxy
Dennis wrote: Hi, I want to setup a DHCP, Firewall and Proxy server. What do I need to install first? Thanks Dennis; Please send more info. How many network cards are in the Mandrake box, and is it (or will it be) directly connected to the Internet, or is it inside of a larger network and managing a number of other computers behind it? Mr. Geek Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
I have 3 NIC card... Actually I also have a plan to use that machine to having to internet connection... - Original Message - From: Mr. Geek [EMAIL PROTECTED] To: newbie@linux-mandrake.com Sent: Tuesday, February 22, 2005 6:17 PM Subject: Re: [newbie] DHCP, Firewall and Proxy Dennis wrote: Hi, I want to setup a DHCP, Firewall and Proxy server. What do I need to install first? Thanks Dennis; Please send more info. How many network cards are in the Mandrake box, and is it (or will it be) directly connected to the Internet, or is it inside of a larger network and managing a number of other computers behind it? Mr. Geek Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
On Tuesday 22 February 2005 04:11, Dennis wrote: Hi, I want to setup a DHCP, Firewall and Proxy server. What do I need to install first? Thanks Install drakwizard and your MandrakeControl Centre will have a new 'Server' section to allow you to install the DHCP and Proxy servers. For the Firewall use the Mandrake GUI for the initial setup, but then use the shorewall firewall module in Webmin for more detailed setup. (Install webmin, then start the webmin service in MandrakeControlCentreSystemServices, then point your browser to https://localhost:1 ) derek -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
Dennis wrote: I have 3 NIC card... Actually I also have a plan to use that machine to having to internet connection... OK, Then it would be better if you set up Mandrake to handle the Internet connection and Internet sharing first. If you plan on hosting any websites, email servers, FTP, or other Internet-available services, it would follow that you'll be better off with a static IP address and a domain name. As an alternative, you can use one of the many free dynamic DNS services, but a lot of your functionality may be a question of whether or not your ISP will permit it. For instance, your ISP may be blocking ports 21, 25, 80, and 110, effectively preventing you from offering FTP, SMTP, HTTP, and POP3 directly from your connection. This is something you'll have to find out by contacting them directly. On the other hand, assuming that you are allowed by the ISP to offer up your web services to the Internet, then I'd suggest a few things. Since you have 3 network interface cards (a.k.a. NIC's) already, I'd suggest that eth0 (NIC #1) be used for your Internet connection, eth1 (NIC #2) be used on it's own subnet (10.0.0.0/255.0.0.0 - for example) to connect to a hub or switch and from there to most of the other systems on your network, and finally eth2 (NIC #3) on a different subnet (192.168.0.0/255.255.255.0 - for example) to connect to one last system, which can host any additional services you wish to experiment with. As a bonus, you can build your firewall so that anything on NIC #3 can be your De-Militarized Zone (a.k.a. DMZ) and/or set up as a Honey Pot zone to trap would-be intruders. If you don't plan on implementing a DMZ in this fashion, then remove NIC #3, since it wouldn't serve any other purpose. The only other option with NIC #3 would be to set up the second subnet and to use it like NIC #2, as another subnet. Keep in mind that you should still use a different subnet than your first one. While that may be a lot to digest, it gives you several option on what you can do with the system. Once you decide on a plan of action, come back to the list with as much info as you can provide (ISP details, long-term goals of the Mandrake box, etc., and I'm sure that someone will be around to help out. Thus endeth the lesson. Mr. Geek Registered Linux User #190712 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
Derek Jennings wrote: On Tuesday 22 February 2005 04:11, Dennis wrote: Hi, I want to setup a DHCP, Firewall and Proxy server. What do I need to install first? Thanks Install drakwizard and your MandrakeControl Centre will have a new 'Server' section to allow you to install the DHCP and Proxy servers. For the Firewall use the Mandrake GUI for the initial setup, but then use the shorewall firewall module in Webmin for more detailed setup. (Install webmin, then start the webmin service in MandrakeControlCentreSystemServices, then point your browser to https://localhost:1 ) derek As an add-on to Derek's suggestion (well, sort of anyway), once you complete the Internet Connection Sharing Wizard, you can shut down Shorewall and Squid (permanently if you like), and switch to webmin networkingLinux Firewall to maintain Internet Connection Sharing and your firewall. For some of us (yes, me too), Linux Firewall is a lot less complex to manage, configure and maintain as long as you run Mandrake's ICS wizard first (and you only need to run it once). There seems to be a file located in /etc/sysconfig that is either modified or created when you run the ICS Wizard and that file makes ICS possible. I don't know which file it is, but then I normally don't have the time to find out. Once it's created, it stays put and works with Linux Firewall or Shorewall. On a small network with a broadband Internet connection, you might not want to use a proxy server (ie; Squid), and at least this gives you an option. Shorewall is definitely strong, but it's also highly complex to administer (at least in webmin), while Linux Firewall can take only a few minutes to set up. Since Mandrake's Shorewall Wizard is over simplified, it leaves a lot of the configuration possibilities and permutations out of the Wizard. As a direct opposite, IMHO, the webmin version of Shorewall can rapidly speed up your aging process. Linux Firewall allows you to set up a sophisticated firewall - one rule at a time, and like Shorewall, it will prevent you from starting a firewall which may have errors in it. One of the nicest benefits of the Linux Firewall is your ability to transport that set of rules as one file, instead of a bunch of sub-folders and files, allowing you to use it on other Mandrake systems with only a few basic changes. Again, it's only a question of choice. The good news is that you can play with both and decide which is best for you. -- Mr. Geek Registered Linux User #190712 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
The reason for having 3 NIC is for making Mandrakelinux handling Two Internet Connection and configure it automatic connection failover, it means when one ISP line down it will be automatically transfer to the other one. Is it possible? So the role of my Linux will be DHCP, Firewall, Proxy and Failover. My hardware specs right now is, P4 2.4GHz, 512MB, with 3NIC one is built-in... My plan is the built in one is use for LAN and the 2 NIC will be connected to my two ISP. Thanks - Original Message - From: Mr. Geek [EMAIL PROTECTED] To: newbie@linux-mandrake.com Sent: Tuesday, February 22, 2005 8:48 PM Subject: Re: [newbie] DHCP, Firewall and Proxy Dennis wrote: I have 3 NIC card... Actually I also have a plan to use that machine to having to internet connection... OK, Then it would be better if you set up Mandrake to handle the Internet connection and Internet sharing first. If you plan on hosting any websites, email servers, FTP, or other Internet-available services, it would follow that you'll be better off with a static IP address and a domain name. As an alternative, you can use one of the many free dynamic DNS services, but a lot of your functionality may be a question of whether or not your ISP will permit it. For instance, your ISP may be blocking ports 21, 25, 80, and 110, effectively preventing you from offering FTP, SMTP, HTTP, and POP3 directly from your connection. This is something you'll have to find out by contacting them directly. On the other hand, assuming that you are allowed by the ISP to offer up your web services to the Internet, then I'd suggest a few things. Since you have 3 network interface cards (a.k.a. NIC's) already, I'd suggest that eth0 (NIC #1) be used for your Internet connection, eth1 (NIC #2) be used on it's own subnet (10.0.0.0/255.0.0.0 - for example) to connect to a hub or switch and from there to most of the other systems on your network, and finally eth2 (NIC #3) on a different subnet (192.168.0.0/255.255.255.0 - for example) to connect to one last system, which can host any additional services you wish to experiment with. As a bonus, you can build your firewall so that anything on NIC #3 can be your De-Militarized Zone (a.k.a. DMZ) and/or set up as a Honey Pot zone to trap would-be intruders. If you don't plan on implementing a DMZ in this fashion, then remove NIC #3, since it wouldn't serve any other purpose. The only other option with NIC #3 would be to set up the second subnet and to use it like NIC #2, as another subnet. Keep in mind that you should still use a different subnet than your first one. While that may be a lot to digest, it gives you several option on what you can do with the system. Once you decide on a plan of action, come back to the list with as much info as you can provide (ISP details, long-term goals of the Mandrake box, etc., and I'm sure that someone will be around to help out. Thus endeth the lesson. Mr. Geek Registered Linux User #190712 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
Dennis wrote: The reason for having 3 NIC is for making Mandrakelinux handling Two Internet Connection and configure it automatic connection failover, it means when one ISP line down it will be automatically transfer to the other one. Is it possible? So the role of my Linux will be DHCP, Firewall, Proxy and Failover. My hardware specs right now is, P4 2.4GHz, 512MB, with 3NIC one is built-in... My plan is the built in one is use for LAN and the 2 NIC will be connected to my two ISP. Thanks Have a look at this Howto. It should help. http://linux-ip.net/html/adv-multi-internet.html MrGeek. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
In my case, what do I need to configure first, the DHCP, Firewall and Proxy or the Multiple Connection? Thanks - Original Message - From: Mr. Geek [EMAIL PROTECTED] To: newbie@linux-mandrake.com Sent: Wednesday, February 23, 2005 11:23 AM Subject: Re: [newbie] DHCP, Firewall and Proxy Dennis wrote: The reason for having 3 NIC is for making Mandrakelinux handling Two Internet Connection and configure it automatic connection failover, it means when one ISP line down it will be automatically transfer to the other one. Is it possible? So the role of my Linux will be DHCP, Firewall, Proxy and Failover. My hardware specs right now is, P4 2.4GHz, 512MB, with 3NIC one is built-in... My plan is the built in one is use for LAN and the 2 NIC will be connected to my two ISP. Thanks Have a look at this Howto. It should help. http://linux-ip.net/html/adv-multi-internet.html MrGeek. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
Dennis wrote: In my case, what do I need to configure first, the DHCP, Firewall and Proxy or the Multiple Connection? Thanks Go with the Internet connection as your first item of priority. It will make everything else a lot easier. -- Mr. Geek Registered Linux User #190712 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
You mean the multiple internet connection? - Original Message - From: Mr. Geek [EMAIL PROTECTED] To: newbie@linux-mandrake.com Sent: Wednesday, February 23, 2005 11:48 AM Subject: Re: [newbie] DHCP, Firewall and Proxy Dennis wrote: In my case, what do I need to configure first, the DHCP, Firewall and Proxy or the Multiple Connection? Thanks Go with the Internet connection as your first item of priority. It will make everything else a lot easier. -- Mr. Geek Registered Linux User #190712 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] DHCP, Firewall and Proxy
Dennis wrote: You mean the multiple internet connection? Yes. -- Mr. Geek Registered Linux User #190712 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
