A Heterogeneous Linux/Windows 95 Home Network
I have a PPP account at my school that assigns an IP address each time I connect through the ppp0 device, which is my default gateway.
To enable machines behind the firewall to communicate with the outside world, you can install IP masquerade. This requires support for the firewall to be built into the kernel. Detailed instructions on how to recompile your kernel with IP firewall support is in the IP-masquerade HOWTO (www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html), available at the LDP (Linux Documentation Project) site. The Red Hat's 5.0 kernel has this support already compiled in. You need to enable IP forwarding on the firewall machine serrano. On Red Hat, this is done by setting FORWARD_IPV4=yes in the /etc/sysconfig/network file and restarting network services. Then execute
ipfwadm -F -p deny ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
as root, or place these commands in your /etc/rc.d/rc.local file for automatic execution. For explanation of the commands, read the IP-Masquerade-HOWTO.
You can play with the ipfwadm command to selectively grant access to the machines on your network to the outside world. Once this is done, you can open a DOS window on your Windows 95 machine and ping a machine on the Internet. If this works, you can access any machine on the Internet from any machine on your network. To the outside machines, all of the TCP/IP packets will appear to come from your firewall machine.
The Linux client (piquin, 192.168.1.100) should be set up with the server 192.168.1.1 as its default gateway. This is done with the route command
route add -net default gw 192.168.1.1
File sharing between two Linux machines is done easily with NFS. The NFS dæmon, nfsd, is usually started at boot time. We would like to make directories on serrano available to other Linux clients via NFS. To do this, specify the directories to be exported in the /etc/exports file. I have the following /etc/exports files on serrano:
/home jalapeno(rw) piquin(rw) /home/easwaran jalapeno(rw) piquin(rw) /mnt/cdrom jalapeno(rw) piquin(rw)This allows the /home, /home/easwaran and /mnt/cdrom to be exported to jalapeno and piquin, with read and write permission. Reboot the machine after you modify this file, or use these two commands:
kill -HUP rpc.nfsd kill -HUP rpc.mountedOn the Linux client, piquin, one needs to edit the /etc/fstab file to enable mounting of remote directories. On piquin, the /etc/fstab file has this entry:
serrano:/home/easwaran /home/easwaran/serrano\ nfs defaults,rw,user,noauto 1 1This command allows any user to mount /home/easwaran from serrano on piquin as the directory /home/easwaran/serrano. If auto is used instead of noauto, this remote directory would be automatically mounted at boot time. To mount this NFS directory manually, type mount /home/easwaran/serrano. In this case, because the directory mount point is easwaran's home, easwaran can use the mounted directory as can anyone with permissions to easwaran's subdirectory, serrano. easwaran has read and write permissions on /home/easwaran/serrano.
To enable the client Linux machine piquin to print on serrano, we need to configure the lp print dæmon lpd. See the Printing-HOWTO (/usr/doc/HOWTO/Printing-HOWTO.gz or visit LDP) for additional documentation and alternatives to lp. On serrano, create an /etc/hosts.lpd file listing the machines allowed to print on it. I added piquin to this file.
Printing with lpd is controlled via the /etc/printcap file. On serrano, the file looks like this:
# /etc/printcap file lp|dj:\ :sd=/var/spool/lpd/lp:\ :mx#0:\ :sh:\ :lp=/dev/lp1:\ :if=/var/spool/lpd/lp/filter:
lp and dj are names for the printer; sd is the spool directory; the mx line means there is no maximum size for files printed; sh suppresses headers; lp is the actual line printer device; and if is a magic filter shell script that deals with staircase effects when printing text files and other special processing that files need. On Red Hat Linux, the control panel has a print configuration tool that allows easy configuration of printers.
On piquin, the /etc/printcap file should look like this:
lp|dj:\ :sd=/var/spool/lpd/dj:\ :rm=serrano:\ :rp=lp:\ :lp=/dev/null:\ :sh:
rm defines a remote machine; rp defines the name of the remote printer; and sd is the local spool directory. Make sure the spool directory exists. After making changes to the /etc/printcap file, restart the lpd dæmon or reboot. Now, if you print on piquin, it should appear on the printer attached to serrano.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide