Once we've gotten all those nameservers into place, try this:
ifconfig eth0 [ipaddress]
Your network card is now set to the IP addy that your ISP gave you (plug one of your allocated
IPs into [ipaddress], and omit the []'s). Start up Netscape and go surf a while.
If you are one of these cable people that has a dynamic IP with @Home or another provider, all you need is one simple
program, called DHCPCD (which Scott is a fan of). Get it from my favorite site, FreshMeat.Net and install it like
you would any other program. Now just do a "dhcpcd &" on the command line, and it will find all this stuff for you. You won't even need to
plug in any of the above stuff.
(Surprisingly, Theiet never mentioned editing /etc/ppp/pap-secrets to log into @Home. We'll cover this in a second.)
For the rest of us (that would be non-modem and non-static-ip people), we are left with a bit of a dilemma. We need to be
online! The solution comes in the form of Roaring Penguin Software. Head on over to Roaring Penguin and get
their PPPoE software. PPPoE is the latest and greatest in braindead user management. It basically makes your network card act like a modem that can be
re-assigned an IP mid stride. The downside to PPPoE is that it's been my experience that the networking changes required in Win32 rob you of bandwidth and
stability. The other downside is that the connection has a tendency to drop when changing IPs in the client that my ISP gave me for Win32. The upside is
that they don't think you are using Linux (where PPPoE IP changes work great) so they don't change up your IP for five days at a time. If you turn off
your ADSL modem, you will still lose the IP. I don't know enough about cable service in my area (cable is slow since I am entrenched in the concrete
jungle) to make any really technical generalizations.
Once you've downloaded the Roaring Penguin software and installed it, all you need to do is plug those name servers into your
resolv.conf and edit pap-secrets (in /etc/ppp/). Here's what you need to put into /etc/ppp/pap-secrets:
username@userdomain.tld * password *
And notice the trailing blank line here too. If my username is offspring and my ISP is Bell Atlantic, then my username@userdomain.tld
would be "offspring@ba.net". Check with your ISP, the @userdomain.tld part is REQUIRED. The next asterisk is needed, and then just enter your
password (CaSe SeNsItIvE, "ForeverAndADay" as a password is different from "foreverandaday"). The "@ba.net" part will change
depending on your ISP and what they want.
If you need further help at this point, be sure to check out our Linux ADSL article
(and feel free to stick around and check out the rest of the site). That document was written by me a while back, and was rejected by the Linux
Documentation Project (they "already have one"). FEH! Nothing wrong with a little self promotion. ;)
From here, you should be set, right? Linux is indestructible! Err...it's prone to user error. Let's talk security. Right
now, I bet you have an anonymous FTP server running. That's right, try to ftp to your own IP. Now log in anonymously. Not too cool, huh? The easiest way
to prevent this is to add "anonymous" and "guest" (deprecated) to /etc/ftpusers, the list of accounts that are refused FTP logins (along with anyone else you want to have access to
your computer via telnet but want to not give FTP access to).
Scott has suggested removing the user ftp from /etc/passwd and /etc/shadow.
The next logical thing to do would be to cut out those services that you aren't using. Open up /etc/rc.d/rc.inet2 (with
pico or your editor of choice). It's too large to go through line by line, but I'll give you a rundown. We need to add #'s in front of any line that we
don't want. If you can't find this file, please read the manual. This is the 'standard', but there are a few standards out there at this point.
Comment out anything having to do with NFS Filesystems. Put #'s in front of every line in that section. Anything under
NAMED/BIND has to go too, we want to use your ISP for domain management (although you will want to uncomment this if you register a domain). ROUTEd goes
too. RWHO dies. NIS goes out the Windows. SUN RPC has to be deadified. PC-NFS needs to go. This will cut out anything from starting when you reboot that
you wouldn't want up.
Next, pop open /etc/inetd.conf with pico. Comment out "time", "swat", "comsat", "ntalk",
"imap2", "finger", and "auth". *WHEW* You are buttoned up nicely, the only thing else that you might want is a firewall, but
such things are beyond the scope of this document. (Firewalling would cause it to span pages of oration on topics such as communication layers and ports.)
The other problem with firewalling is that the 2.4.x kernel (due out any time now) will replace the whole firewall system. The best you can hope for is to
hit up Freshmeat for a GUI or check out Metalab-HOWTO for some
good reading. So far I have not found any utilities that I have had any affinity with.
(Just a note from Scott: He says that if you comment out auth, and your IRC client won't run its own ident server, then
you won't be able to chat in IRC rooms that require ident. I am pretty sure the latest version of BitchX can run its own ident stuff, but things like
XChat or what have you may not).
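To check the /etc/inetd.conf step above, here is an added example (not part of the original article): a shell audit that lists which of the named services still have active entries and prints a copy with them commented out. The function names and the sample file are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-format file for the services the
# text says to comment out. Function names and sample data are made up here.
UNWANTED="time swat comsat ntalk imap2 finger auth"

# inetd_still_enabled FILE: print each unwanted service that still has
# an active (uncommented) entry, once per service.
inetd_still_enabled() {
    awk -v list="$UNWANTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }
        ($1 in bad) && !seen[$1]++ { print $1 }
    ' "$1"
}

# inetd_comment_out FILE: write FILE to stdout with a "#" in front of
# every active entry for an unwanted service; other lines pass through.
inetd_comment_out() {
    awk -v list="$UNWANTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF > 0 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample in inetd.conf layout (not taken from a real system).
sample_inetd_conf() {
    cat <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
time    stream  tcp  nowait  root    internal
time    dgram   udp  wait    root    internal
#comsat dgram   udp  wait    root    /usr/sbin/tcpd  in.comsat
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp  wait    root    /usr/sbin/in.identd  in.identd
EOF
}

tmp=$(mktemp)
sample_inetd_conf > "$tmp"
echo "still enabled before: $(inetd_still_enabled "$tmp" | tr '\n' ' ')"
inetd_comment_out "$tmp" > "$tmp.new"
echo "still enabled after:  $(inetd_still_enabled "$tmp.new" | tr '\n' ' ')"
rm -f "$tmp" "$tmp.new"
```

inetd only rereads its configuration when it receives a HUP signal (or at the next boot), so an edited /etc/inetd.conf changes nothing until then.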
Scott suggests going even further than we have. He suggested to me that the users should open up /etc/hosts.deny and add
"ALL: ALL". In /etc/hosts.allow, put the line "ALL: 127." (which is the first octet of loopback, or that "lo" device you see
if you just type "ifconfig"). If you'd like to let people access other services, you'd add "in.telnetd: 192.168.0.1, 192.168.4.".
"The first name is the name of the program (NOT the service),
which is shown in inetd.conf. The second are allowed IP
addresses. The 192.168.4. refers to any machine in the
192.168.4.0 range, so that you can put in a whole network, if you
--Scott "D'Arque" Bishop
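How the hosts.allow and hosts.deny lines above combine, as an added example (not Scott's or the article's code): a simplified shell model of the lookup order, in which a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. It handles only ALL, exact values and trailing-dot prefixes, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Simplified model of the hosts.allow / hosts.deny lookup (added example).
# Supports only "ALL", exact names/addresses and prefixes ending in ".".

# wrap_match FILE DAEMON CLIENT_IP: succeed if any rule in FILE matches.
wrap_match() {
    awk -F: -v d="$2" -v ip="$3" '
        function hit(list, val,    n, i, a) {
            gsub(/,/, " ", list); n = split(list, a, " ")
            for (i = 1; i <= n; i++) {
                if (a[i] == "ALL" || a[i] == val) return 1
                if (a[i] ~ /\.$/ && index(val, a[i]) == 1) return 1
            }
            return 0
        }
        /^[ \t]*#/ || NF < 2 { next }
        hit($1, d) && hit($2, ip) { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# wrap_decide ALLOW_FILE DENY_FILE DAEMON CLIENT_IP: prints allow or deny.
# Order: a hosts.allow match grants, else a hosts.deny match refuses,
# else access is granted.
wrap_decide() {
    if wrap_match "$1" "$3" "$4"; then echo allow
    elif wrap_match "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Write the two files from the text into directory $1 (constructed copies).
write_sample_rules() {
    printf '%s\n' 'ALL: ALL' > "$1/hosts.deny"
    printf '%s\n' 'ALL: 127.' 'in.telnetd: 192.168.0.1, 192.168.4.' > "$1/hosts.allow"
}

dir=$(mktemp -d)
write_sample_rules "$dir"
for probe in "in.telnetd 192.168.4.77" "in.telnetd 192.168.40.5" \
             "in.ftpd 192.168.4.77" "in.ftpd 127.0.0.1"; do
    set -- $probe
    echo "$1 from $2: $(wrap_decide "$dir/hosts.allow" "$dir/hosts.deny" "$1" "$2")"
done
rm -rf "$dir"
```

The 192.168.40.5 probe shows why the trailing dot matters: "192.168.4." is a string prefix, so it covers 192.168.4.x but not 192.168.40.x.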
And of course, check back with your distribution's homepage and see if they have any updated packages you should install
to close security holes.