Re: Newbie two homed question.
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: Mon, 13 Dec 2004 21:06:03 GMT
On Mon, 13 Dec 2004 17:49:58 GMT, Larry Lindstrom wrote:
>> To prove you received a lease, one of the following might work
>> cat /etc/dhcpc/dhcpcd-eth1.info
>> cat /var/lib/dhcp/dhclient-eth1.leases
> For RH9 it's the /var path. Thanks for showing
> me the choices of different Linux systems.
Not different linux, those are different dhcp clients (dhcpcd,
dhclient) which drop their files into different locations.
See http://www.distrowatch.com for linux list :)
>> Just for fun, change the linux-1 to linux_1 and look in
>> /etc/sysconfig/network-scripts/ for ifcfg-eth* files to make sure
>> there is only one ifcfg-eth0 and ifcfg-eth1 file for those nics.
> I didn't do this, because you solved the problem
> with the "ipconfig /release", but I have a question.
> When I named an earlier PC (6.2 or 7.something or maybe
> this version 9) RH on a PC named "linux_1" I was
> surprised to find the "_" is not a legal character in
> the name of a network node. Was I mistaken?
Well, shuckey dern. I was nervous about the - when it was to be used
in the network scripts.
If you ever wonder how the nic get setup look at
I will have to take your word on the underscore, until I test it. :)
>> If I were you, I would create a ~4 gig free/unformated/unknown
>> partition on the doze box and install the RH 9 with the gui stuff,
>> That way you can dual boot the doze box.
> Win2k and Win98 share that computer with Solaris. As I
> understand it, Solaris and Linux have some conflict with partition
> IDs. I believe this is only an issue at installation, but it's a
> problem, and I don't have room for another OS anyway.
I hear you, I know there are other keywords which go into the
ifcfg-eth and was worried you might need them.
> This is an old 266MHz Pentium.
I'm running a 500mhz and 400 mhz AMD-K6 boxes.
> I'm running the Gnome GUI and it was pathetic.
If you can get 256 meg ram it will help.
I thought you had not loaded the gui tools.
I would get into the config tool and set eth0 to see how it sets
> Is there a way to run GUI apps, for system administration tasks and
> such, remotely?
You can load the webmin server and if running you can connect to it
with https://ip_addy_or_name_here:100000 in your browser.
Another method is to use ssh or rlogin.
You better have /etc/hosts.allow and /etc/hosts.deny set
and have the firewall up before enabling those servers.
sshd: LOCAL, .home.invalid
ALL: LOCAL, .home.invalid
spawn ( \
/bin/echo -e "\n\
TCP Wrappers\: Connection Refused\n\
By\: $(uname -n)\n\
Process\: %d (pid %p)\n\
" | /bin/mail -s \"$(uname -n)\" root ) &
> My Solaris systems run Motif and Gnome, so they can serve as
> terminals. Is there a performance hit on a text only host if it's
> running GUI applications where the X Window servers are on client
What's it matter. :)
When you have to get in, you take the hit, if any.
I am guessing not, but it will depend on the gui app.
All my boxes boot at runlevel 3. When I start my kde desktop on my
browser box, it will login to the firewall box and run
xconsole -geom 1032x50+400+00 -file /var/log/messages &
so I can keep an eye on what is happening on the firewall box.
> My other question relates to using this system for
> Linux compiles for building utilities needed by the
> system and rarely to never on my own code, or perhaps
> to browse to acquire utilities or updates.
You need more memory or shop around for cheap 400mhz or faster box
with at least 256 meg mem.
> Do these activities present a security risk over
> using this RH9 PC only for a firewall/browser?
Make damn sure your firewall rules block all WAN inbound attempts,
never connect using root. Always log in to a user account to do the
work you indicated, then su -l root to do the install
The better firewall box has nothing which the cracker can use to
install, compile, or modify files with. :)
You'll notice I do not follow my own advice. :(
Here is what is running on my 500mhz firewall.
$ chkconfig --list | grep 3:on
kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network_ck 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off
numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
udev 0:off 1:off 2:on 3:on 4:on 5:on 6:off
proftpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
webmin 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Of course the only web thing done from the fw box is to run the
application to install updates from the vendor.
On my browser box, I have separate user accounts for each email
address, surfing, creditcard/banks, ...
When I log out of the surfing/bank accounts, ~bash_logout deletes the
files and tars in a pristine setup.
Downloads are dropped into a download partition.
Only thing I hit the net with, from my bittwister account, is slrn for Usenet
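
An added example, not part of the original post: a simplified evaluator for the hosts_access(5) ordering that the hosts.allow lines quoted in the post rely on (allow file first, then deny file, no match means access is granted). The `ALL: ALL` deny rule and all host names are assumptions, and only the `ALL`, `LOCAL`, leading-dot and exact-name patterns are handled.

```python
# Simplified hosts_access(5) evaluation: hosts.allow is consulted first, then
# hosts.deny; a match in allow grants, a match in deny refuses, and a client
# that matches neither file is granted access.
HOSTS_ALLOW = """\
sshd: LOCAL, .home.invalid
ALL: LOCAL, .home.invalid
"""
# Assumption: the post does not show its deny rule header; a catch-all is used.
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list[: option]' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Anything after the second colon (e.g. a spawn option) is ignored here.
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, host):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # any host name without a dot
        return "." not in host
    if pattern.startswith("."):       # last components of the name must match
        return host.lower().endswith(pattern.lower())
    return host.lower() == pattern.lower()


def rule_hits(rules, daemon, host):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, host) for c in clients)
        for daemons, clients in rules
    )


def decide(daemon, host, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if rule_hits(parse_rules(allow), daemon, host):
        return "allow"
    if rule_hits(parse_rules(deny), daemon, host):
        return "deny"
    return "allow"                    # no rule in either file
```

Calling `decide("sshd", "host.example.net", deny="")` returns `"allow"`, which is why an allow file on its own restricts nothing.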