[Scottish] Need advice on setting up a Mandrake/Debian home network

Colin McKinnon scottish at mailman.lug.org.uk
Mon Mar 10 14:23:02 2003

David Marsh's list-reading hat wrote:

>Hi everybody,
>I'm trying to network two machines together to make a home network.
There are two ways to allow internet access from 'salt':
    - either by using pepper as a (masquerading) router
    -  running proxy services on pepper (mail, web, news, DNS, ...)

Even if you go down the first route, that doesn't exclude us of the 
second method to improve performance via caching. OTOH you only need to 
learn one configuration mathod for the first way of doing things! Here's 
a quick list of the applications I've used for proxy services:
    Sendmail for outgoing Email (most MTAs should work in this respect)
    imapd for serving mail from the internet connected box
    squid for web
    DNSCache (I used to use Bind but it's heavy, difficult to look after 
and had a lot of vulnerabilities found)
    Leafnode for news

I'd tell you more about the first method if I talk sensibly about it; I 
don't know enough about the implementation to say what you should do 
that won't undermine any security settings already in place. Like Ben 
said; try to lock down your access controls. Think about a host based 
IDS (does debian's package mgr provide this?) for the internet connected 
box too.

Thought about how you're going to control the connection from salt? 
Diald is cool but not always appropriate. If you search for diald on 
freshmeat, it turns up most of the remote control packages.

>On the Mandrake box (salt) what values should I put in for "DNS server"
>and "Gateway" in the wizard?
If you're using a proxy, pepper, otherwise you'll need to setup the 
masquerading and tell it to use the same server as pepper. If you are 
getting the nameserver via dhcp then the config for the nameserver goes 
into /etc/resolv.conf when you're connected. NB this may change 
depending on how your call gets routed at the ISP / change over time. 
You could setup your nameserver to search top down (only has the fixed 
root server addresses initially) but that's not an ideal solution. 
DNScache is definitely the recommended soltuion here (from me at least).

>How should I let salt know about the other machine (pepper)?
>Do I have to edit /etc/hosts by hand, or is there a better way to do it?
it's easiest just to edit /etc/hosts by hand - but set it up the same on 
both machines.

NB if you're wanting to use instant messaging on salt, then you'll 
probably need to do some extra jiggery pokery regardless of the method 
you use for connecting.

Think about having a common home directory if you're going to be logging 
on to both machines (so you can access all your files / config).