MandrakeSecurity 7.2

Sebastian Mindling list at mindling.com
Mon Apr 22 01:39:47 PDT 2002


On Sun, 21 Apr 2002 16:56:17 -0700, Coy Thorp <Coyt at mdli.com> spoke gently:
> Does anyone have any experience with this distribution?  I am trying to
> install it on a couple of Compaq TaskSmarts (1U Linux boxen) and the install
> process goes fine.  However, once installed, the units do not respond to any
> sort of https query.  I know it's a combination of Apache webserver and
> bastille firewall running on this machine.  If anyone can give me a sample
> httpd-naat.conf file or a bastille-firewall.conf file on a machine that is
> working with this distro, that would be excellent.  Also, if anyone has any
> experience configuring bastille-firewall, that could be a help, too.

What is your network setup like? I'm using it at home on my DSL (single
P133 with two 3Com NICs, one to the LAN and one to Sonic). I love this
little distro. It nicely combines the relative painlessness of a
home hardware router, but with the robustness and versatility of a
full-on Linux box.

The default installation has no normal httpd running at all, but it does
have the web-based configurator (httpd-naat) listening on port 8443 (but
only on the internal side of the firewall). I'd first check that
httpd-naat is running (and try a "lynx localhost:8443"; you should get
an error 400 "bad request"). Also check that your NICs are not mixed up.
In a default SNF setup your first NIC (eth0) should be on your LAN, and
the second card (eth1) out to the net.

As far as the firewall goes, it uses ipchains. Unless you're doing
more interesting firewalling, you can do everything from the web GUI.
The only configs I had to add to my ruleset "manually" were for
EverQuest and my office network, because the GUI does not provide for
making rules to let specific hosts _into_ your network. It handles just
about everything else pretty nicely though.

One word of caution: patching this distro up to current was a little
funky. Partly because I was doing it in the middle of the night, and
partly because I had a hell of a time finding a complete and valid
mirror, who knows. It is do-able, I promise you, just not pretty. Start
with httpd-naat updates, and follow the readmes to the letter. Also,
the 8.2 version of SNF is coming soon in ISO form, and I believe it uses
iptables instead of ipchains. If you're in a hurry, someone on Mandrake's
forums said you can manually install the 8.2 SNF now using the regular
8.2 RPMs, but I haven't had that particular wild hair yet. :)

-Sebastian


