HTTP/1.1 404 Object Not Found Server: Microsoft-IIS/5.0 Date: Tue, 02 Jun 2009 14:11:48 GMT Cluster-Server: WEB1 P3P: CP="NOI ADMa OUR STP" X-Powered-By: ASP.NET Connection: close Content-Type: text/html

404 Object Not Found

Tech Tips

HTTP/1.1 404 Object Not Found Server: Microsoft-IIS/5.0 Date: Tue, 02 Jun 2009 14:11:48 GMT Cluster-Server: WEB1 P3P: CP="NOI ADMa OUR STP" X-Powered-By: ASP.NET Connection: close Content-Type: text/html

404 Object Not Found

 Buy Games

News
 Current / Submit
 Archive / Search
 POTD / Submit

Files
 Main Files

Community
 Hosted Sites
 Forums
 Chat
 Help Wanted
 Mailing Lists
 Get Hosted!
 Contact Us
 Advertise With Us
 Staff

Features
 Index
 Articles
 Mod of the Week
 Levels of the Week
 Model of the Week
 QuakeScopes
 QuakeCon 2005
 Dear Mynx
 PQ Poll
 Mailbag
 Rants N'Raves
 Tech Tips
 Week in Review
 Classic PQ


HTTP/1.1 404 Object Not Found Server: Microsoft-IIS/5.0 Date: Tue, 02 Jun 2009 14:11:48 GMT Cluster-Server: WEB1 P3P: CP="NOI ADMa OUR STP" X-Powered-By: ASP.NET Connection: close Content-Type: text/html

404 Object Not Found


    PlanetQuake | Features | Tech Tips | 5-20-2000
   

Tech Tips


Once we've gotten all those nameservers into place, try this:

ifconfig eth0 [ipaddress]

Your network card is now set to your IP addy that your ISP gave you (plug one of your allocated IPs into [ipaddress], and omit []'s). Start up netscape and go surf a while.

If you are one of these cable people that has a dynamic IP with @Home or another provider, all you need is one simple program, called DHCPCD (which Scott is a fan of). Get it from my favorite site, FreshMeat.Net and install it like you would any other program. Now just do a "dhcpcd &" on the command line, and it will find all this stuff for you. You won't even need to plug in any of the above stuff.

(Surprisingly, Theiet never mentioned editing /etc/ppp/pap-secrets to log into @Home. We'll cover this in a second.)

For the rest of us (that would be non-modem and non-static-ip people), we are left with a bit of a dilemma. We need to be online! The solution comes in the form of roaring penguin software. Head on over to Roaring Penguin and get their PPPoE software. PPPoE is the latest and greatest in braindead user management. It basically makes your network card act like a modem that can be re-assigned an IP mid stride. The downside to PPPoE is that it's been my experience that the networking changes required in Win32 rob you of bandwidth and stability. The other downside is that the connection has a tendency to drop when changing IPs in the client that my ISP gave me for Win32. The upside is that they don't think you are using Linux (where PPPoE ip changes work great) so they don't change up your IP for five days at a time. If you turn off your ADSL modem, you will still lose the IP. I don't know enough about cable service in my area (cable is slow since I am entrenched in the concrete jungle) to make any really technical generalizations.

Once you've downloaded the Roaring Penguin and installed it, all you need to do is plug those name servers into your resolv.conf and edit pap-secrets (in /etc/ppp/). Here's what you need to put into /etc/ppp/pap-secrets:

username@userdomain.tld       *        password        *

And notice the trailing blank line here too. If my username is offspring and my ISP is Bell Atlantic, then my username@userdomain.tld would be "offspring@ba.net". Check with your ISP, the @userdomain.tld part is REQUIRED. The next asterisk is needed, and then just enter your password (CaSe SeNsItIvE, "ForeverAndADay" as a password is different from "foreverandaday"). The "@ba.net" part will change depending on your ISP and what they want.

If you need further help at this point, be sure to check out our Linux adsl article (and feel free to stick around and check out the rest of the site). That document was written by me awhile back, and was rejected by the Linux Documentation Project (they "already have one"). FEH! Nothing wrong with a little self promotion. ;)

From here, you should be set, right? Linux is indestructible! Err...it's prone to user error. Lets talk security. Right now, I bet you have an anonymous FTP server running. That's right, try to ftp to your own IP. Now log in anonymously. Not too cool, huh? The easiest way to prevent this is to add "anonymous" and "guest" (depreciated) to /etc/ftpusers (along with anyone else you want to have access to your computer via telnet but want to not give FTP access to).

Scott has suggested removing the user ftp from /etc/passwd and /etc/shadow.

The next logical thing to do would be to cut out those services that you arn't using. Open up /etc/rc.d/rc.inet2 (with pico or your editor of choice). It's too large to go through line by line, but I'll give you a rundown. We need to add #'s in front of any line that we don't want. If you can't find this file, please read the manual. This is the 'standard', but there are a few standards out there at this point..

Comment out anything having to do with NFS Filesystems. Put #'s in front of every line in that section. Anything under NAMED/BIND has to go too, we want to use your ISP for domain management (although you will want to uncomment this if you register a domain). ROUTEd goes too. RWHO dies. NIS goes out the Windows. SUN RPC has to be deadified. PC-NFS needs to go. This will cut out anything from starting when you reboot that you wouldn't want up.

Next, pop open /etc/inetd.conf with pico. Comment out "time", "swat", "comsat", "ntalk", "imap2", "finger", and "auth". *WHEW* You are buttoned up nicely, the only thing else that you might want is a firewall, but such things are beyond the scope of this document. (Firewalling would cause it to span pages of oration on topics such as communication layers and ports.) The other problem with firewalling is that the 2.4.x kernel (due out any time now) will replace the whole firewall system. The best you can hope for is to hit up Freshmeat for a GUI or check out Metalab-HOWTO for some good reading. So far I have not found any utilities that I have had any affinity with.

(Just a note from Scott: He says that if you comment out auth, and your IRC client won't run it's own ident server, then you won't be able to chat in IRC rooms that require ident. I am pretty sure the latest version of BitchX can run it's own ident stuff, but things like XChat or what have you may not).

Scott suggests going even further then we have. He suggested to me that the users should open up /etc/hosts.deny and add "ALL: ALL". In /etc/hosts.allow, put the line "ALL: 127." (which is the first octet of loopback, or that "lo" device you see if you just type "ifconfig"). If you'd like to let people access other services, you'd add "in.telnetd: 192.168.0.1, 192.168.4.".

"The first name is the name of the program (NOT the service),
which is shown in inetd.conf. The second are allowed IP
addresses. The 192.168.4. refers to any machine in the
192.168.4.0 range, so that you can put in a whole network, if you
wanted."
--Scott "D'Arque" Bishop

And of course, check back with your distribution's homepage and see if they have any updated packages you should install to close security holes.



   


[Main Page] [Features] [Files] [Forums] [Contact] [Hosting Info]

HTTP/1.1 404 Object Not Found Server: Microsoft-IIS/5.0 Date: Tue, 02 Jun 2009 14:11:48 GMT Cluster-Server: WEB1 P3P: CP="NOI ADMa OUR STP" X-Powered-By: ASP.NET Connection: close Content-Type: text/html

404 Object Not Found