if u think RPMs are hassle-free u need to move to Debian and use the DEBs. apt-get is your friend ;) On Fri, 22 Jun 2001, Devdas Bhagat wrote: > On Fri, 22 Jun 2001, Randy Millis (Lists acct.) spewed into the ether: > > That sounds like hours of work though.:-) Not sure I'd know where to begin > > either. And there is always the question of what RPMs are safe to > > remove. How would one know that? > Not hours of work. > $tar -zxvf package.tar.gz > $cd package > $./configure > $make > #make install > > The biggest advantage of prepackaged rpms is that you don't need a > compiler on that machine to install them. > > > Thanks I will look for that. > http://www.linuxdoc.org > > > Now 6.2 or 7.1? > > > > - 6.2 is older (may be bad), but there may be more known issues with it > > than something brand new (may be good) > > - 7.1 has many fixes over 6.2 (may be good), but there are also new bugs > > introduced in a new version (may be bad). So what is the most logical > > choice? Or is my logic flawed???? :-) > I woul;d suggest a 6.2 install, apply all necessary poatches, then move > to 2.4, for iptables. > > > > I suppose it's the easiest way and it'll help you avoid circling > > > cross-dependencies (RPM A needs RPM B needs RPM A...) that I've seen > > > with RedHat RPMs. > > Yes, this is SOOOOO frustrating! > Simple workaround: specify both on the command line. > RPM figures out what to do. > <snip> > > I had heard that IPSEC fails over NAT. Why is that? > Nat does packet header rewriting, that isn't liked by IPSEC. > > > But, **do** I want to? Are there pros and cons to doing allowing NFS and > > SMB this way? Is there a better way? > Hmmm, how about simply using ssh? > > <snip> > > - Is setting up a private IP network (192.X.X.X, 172.X.X.X > > 10.X.X.X) with NAT more secure as the private addresses are not routeable > > from the public internet? > Not necessarily so. A good set of f/w rules should stop most attacks, > and if the clients behind the f/w are windows machines, then keep a > ghost disk handy. > > > What I don't understand is how I set up a firewall to protect a collection > > of hosts that are on the public internet now and have public addresses. > Ensure that they are on the same subnet, then define rules for that > subnet. Use Bastille. > > <snip> > > How do I hide the hosts behind the firewall and sill allow > > them to reach the internet? > /sbin/ipchains -s 0/0 -d 192.168.1.0/24 -j DENY > > Hope this helps a bit. > > Devdas Bhagat > -- > Linux is obsolete > (Andrew Tanenbaum) > _______________________________________________ > Firewalls mailing list > Firewalls@lists.gnac.net > http://lists.gnac.net/mailman/listinfo/firewalls > uram@cmu.edu "Blessed are those who have not seen and yet have faith." - John 20:29 _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls