Re: Which distro is best for me?
From: Jay \ (boogie350_at_NOSPAMyahoo.com)
Date: 09/21/03
- Next message: Jay \: "Re: Don`t want to use cups!<-: How do you drink coffee then? :->"
- Previous message: Chris Share: "Re: What Linux can learn from Windows..."
- In reply to: Davorin Vlahovic: "Re: Which distro is best for me?"
- Next in thread: Davorin Vlahovic: "Re: Which distro is best for me?"
- Reply: Davorin Vlahovic: "Re: Which distro is best for me?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 20 Sep 2003 22:18:08 -0000
Davorin Vlahovic <A-Burn@fly.srk.fer.hr> wrote in
news:slrnbmpg9a.2dp.A-Burn@afrodita.home.lan:
> In article <Xns93FC9A9276D5Bboogie350NOSPAMyahoo@216.168.3.44>,
> Jay "Boogieman" Edwards wrote:
>> Hello all...
>
> Hello ;)
'SUP?
> Here's how I'd do it. Get a PC, load it with...let's say debian or
> slackware (they're not bloated, fairly technical, debian has a very
> good package system which enables it to be updated easily). Keep those
> poor windows machines for gaming ;)
>
> Use that machine as your gateway, firewall, SMTP and APOP (or POP3)
> server.
About 50 ISP changes and 30 virus infections ago, we decided not to
bother with POP3 mail at all and have simply set up accounts on Yahoo's
web mail. That way, we have the same address no matter what ISPs we
get used by and hardly get any spam in comparison to POP3 accounts. We
also have a spamtrap Hotmail account for signing up for web stuff, etc.
We go there if we are expecting an email confirmation, download it, and
sign out, leaving M$ to kindly store all our spam and virusmail! :-)
> To the outside, open only SMTP, and redirect inbound traffic for the
> game server just to ports required, and close everything else (of
> course, use ESTABLISHED and RELATED states in netfilter). Of course,
> you'll be using masquerading. This will keep you safe from worms.
Which brings up a question. Can the NAT/masq traffic go through the
router to the PCs correctly? This machine would be connecting to the NAT
router...
-Lotsa e-mail config stuff snippage-
> To set up such a system, you have to learn how to administer Linux.
Ya don't say...
> The first thing you'll have to learn is how to use a text editor and
> know the following files (you're a newbie, use jed, but I prefer vim):
Umm... *nothing* and I do mean NOTHING can be as bad or hard to use as MS
EDLIN!!!! How hideous!!! My old DOS favorite was QEdit... Nice little
program... still have it too... As for man pages, they're great, although
sometimes overwhelming. There's always Google, which is priceless for
finding a wealth of information and help.
> For iptables (this is user-space utility to manage netfilter system in
> the Linux kernel), you'll have to write your own script, so I'll
> advise you to learn how to write your own shell scripts.
Hahaha! I'm certain that iptables *could* have been described in somewhat
less, shall we say, "SYSADMIN" terminology. Like, "iptables defines your
firewall/NAT functionality" would have sufficed.
> To check for open ports, use nmap (www.insecure.org), and to check the
> net from outside, go to http://www.grc.com and find the shields up or
> something like it to see if and which of your ports are open...
Yup... used both on Win32 before...
> Of course, read sites that scream "HOLE FOUND!" ;))
In windows it's safer to just assume that the "back wall" has collapsed!
> Don't install XFree86, you don't need it. The less systems you've got
> up, the less is the chance something's gonna get wrong.
On the server, I agree. But I also want to set up Linux on my other
boxes, which would be used for a variety of things which would pretty
much require an XFree86 server be initialized to run. Although *I*
personally don't mind working in a text-only environment, everyone else
around here would shout till the roof comes down if they didn't at least
have a GUI.
> After you boot up, close everything you don't need in /etc/inetd.conf
> (like time, echo, etc, leave smtp if it isn't a daemon started from a
> script), place "ALL:ALL" in /etc/hosts.deny, "127.0.0.1: ALL" and
> your local net IP, ie "192.168.1. : ALL" in /etc/hosts.allow (no, I'm
> not missing a number after the dot).
Booting lite goes without saying. I don't like a lot of services and
unwanted BG programs running. Actually, in my case it would be
"192.168.2. : ALL:"
> When finished, get into /etc/sshd_config, and change it so it looks
> something like this (ie, remove hashes, change "yes" to "no" and
> vice-versa where I tell you to):
>
> Port 22
> Protocol 2
> PermitRootLogin no
> PasswordAuthentication yes
> PermitEmptyPasswords no
> X11Forwarding=no
> Compression=yes
>
> There. What doesn't look like this, change it to look like this ;)
>
> I've probably missed a lot of this, but hey, it's 23.30 here ;)
>
>
> **********************************************************************
> *** *Welcome to Linux world!* ***
> **********************************************************************
> *** ***
> *** If you've got questions, just ask here ;) ***
> *** But first, check if the question was already answered. You ***
> *** can do this on http://groups.google.com. ***
> *** ***
> **********************************************************************
>
>
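Added example, not part of the original thread: a shell check that compares an sshd_config file with the values listed in the quoted message and flags keywords that are still commented out or set differently. The function names and the sample config are constructed for illustration; the expected values are the ones from the post.

```shell
# Added example: audit an sshd_config against the values in the quoted post.
EXPECTED='Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
Compression yes'

# Print the first uncommented value of keyword $2 in file $1 (sshd keeps the
# first value it reads). "Key value" and "Key=value" are both parsed because
# the quoted listing mixes them. Stops at a Match block (conditional settings).
effective_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { line = $0; sub(/[ \t]*=[ \t]*/, " ", line); split(line, f, /[ \t]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == tolower(want) { print f[2]; exit }' "$1"
}

# Report each keyword; the return status is the number of deviations.
audit_sshd_config() {
    bad=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "UNSET    $key (still commented out or missing, wanted $want)"
            bad=$((bad + 1))
        elif [ "$(echo "$got" | tr 'A-Z' 'a-z')" != "$want" ]; then
            echo "MISMATCH $key is $got, wanted $want"
            bad=$((bad + 1))
        else
            echo "OK       $key $got"
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# Constructed sample: a half-edited config with a late "PermitRootLogin no".
write_sample() {
    printf '%s\n' '#Port 22' 'Protocol 2,1' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' '#PermitEmptyPasswords no' \
        'X11Forwarding=no' 'Compression = yes' 'PermitRootLogin no' > "$1"
}
sample=$(mktemp); write_sample "$sample"
audit_sshd_config "$sample" || echo "deviations: $?"
rm -f "$sample"
```

On the constructed sample the second `PermitRootLogin no` does not help, because the earlier `yes` is the value that takes effect.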