A Heterogeneous Linux/Windows 95 Home Network
I have a PPP account at my school that assigns an IP address each time I connect through the ppp0 device, which is my default gateway.
To enable machines behind the firewall to communicate with the outside world, you can install IP masquerade. This requires support for the firewall to be built into the kernel. Detailed instructions on how to recompile your kernel with IP firewall support is in the IP-masquerade HOWTO (www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html), available at the LDP (Linux Documentation Project) site. The Red Hat's 5.0 kernel has this support already compiled in. You need to enable IP forwarding on the firewall machine serrano. On Red Hat, this is done by setting FORWARD_IPV4=yes in the /etc/sysconfig/network file and restarting network services. Then execute
ipfwadm -F -p deny ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
as root, or place these commands in your /etc/rc.d/rc.local file for automatic execution. For explanation of the commands, read the IP-Masquerade-HOWTO.
You can play with the ipfwadm command to selectively grant access to the machines on your network to the outside world. Once this is done, you can open a DOS window on your Windows 95 machine and ping a machine on the Internet. If this works, you can access any machine on the Internet from any machine on your network. To the outside machines, all of the TCP/IP packets will appear to come from your firewall machine.
The Linux client (piquin, 192.168.1.100) should be set up with the server 192.168.1.1 as its default gateway. This is done with the route command
route add -net default gw 192.168.1.1
File sharing between two Linux machines is done easily with NFS. The NFS dæmon, nfsd, is usually started at boot time. We would like to make directories on serrano available to other Linux clients via NFS. To do this, specify the directories to be exported in the /etc/exports file. I have the following /etc/exports files on serrano:
/home jalapeno(rw) piquin(rw) /home/easwaran jalapeno(rw) piquin(rw) /mnt/cdrom jalapeno(rw) piquin(rw)This allows the /home, /home/easwaran and /mnt/cdrom to be exported to jalapeno and piquin, with read and write permission. Reboot the machine after you modify this file, or use these two commands:
kill -HUP rpc.nfsd kill -HUP rpc.mountedOn the Linux client, piquin, one needs to edit the /etc/fstab file to enable mounting of remote directories. On piquin, the /etc/fstab file has this entry:
serrano:/home/easwaran /home/easwaran/serrano\ nfs defaults,rw,user,noauto 1 1This command allows any user to mount /home/easwaran from serrano on piquin as the directory /home/easwaran/serrano. If auto is used instead of noauto, this remote directory would be automatically mounted at boot time. To mount this NFS directory manually, type mount /home/easwaran/serrano. In this case, because the directory mount point is easwaran's home, easwaran can use the mounted directory as can anyone with permissions to easwaran's subdirectory, serrano. easwaran has read and write permissions on /home/easwaran/serrano.
To enable the client Linux machine piquin to print on serrano, we need to configure the lp print dæmon lpd. See the Printing-HOWTO (/usr/doc/HOWTO/Printing-HOWTO.gz or visit LDP) for additional documentation and alternatives to lp. On serrano, create an /etc/hosts.lpd file listing the machines allowed to print on it. I added piquin to this file.
Printing with lpd is controlled via the /etc/printcap file. On serrano, the file looks like this:
# /etc/printcap file lp|dj:\ :sd=/var/spool/lpd/lp:\ :mx#0:\ :sh:\ :lp=/dev/lp1:\ :if=/var/spool/lpd/lp/filter:
lp and dj are names for the printer; sd is the spool directory; the mx line means there is no maximum size for files printed; sh suppresses headers; lp is the actual line printer device; and if is a magic filter shell script that deals with staircase effects when printing text files and other special processing that files need. On Red Hat Linux, the control panel has a print configuration tool that allows easy configuration of printers.
On piquin, the /etc/printcap file should look like this:
lp|dj:\ :sd=/var/spool/lpd/dj:\ :rm=serrano:\ :rp=lp:\ :lp=/dev/null:\ :sh:
rm defines a remote machine; rp defines the name of the remote printer; and sd is the local spool directory. Make sure the spool directory exists. After making changes to the /etc/printcap file, restart the lpd dæmon or reboot. Now, if you print on piquin, it should appear on the printer attached to serrano.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- diff -u: What's New in Kernel Development
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Tech Tip: Really Simple HTTP Server with Python
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Monitoring Android Traffic with Wireshark
- New Products
- RSS Feeds
- Returning Values from Bash Functions
- Raspberry Pi: the Perfect Home Server