newbie networking - Mandriva


Thread: newbie networking

  1. newbie networking

    I'm in the process of setting up an old computer with Mandriva 2008 to
    use as a video file player, hooked to a TV. Setting that up shouldn't be
    a problem, once I get my "new" video card here.

    My questions arise from a thought I had while getting Mandriva installed
    and updated. Both of my computers are connected to a fixed wireless ISP
    via a wired Linksys router. (The ISP provided the wireless transceiver
    with the Ethernet connection.) I connected #2 so I could keep it
    updated. #1 is where I do almost everything. #2 will just be sitting
    there most of the time. It occurred to me that the free hard drive space
    on computer #2 would make an excellent repository for backing up data
    from computer #1, if only I could get them communicating with each
    other. Yes, an external HD would be easier to set up, but why should I
    buy one of those when plenty of space is just sitting there?

    The thing is, this is apparently such a complicated subject that it's
    difficult for a networking newbie to know where to start. I've googled
    around in circles for a day and a half, trying to sort things out with
    little success. I THINK ftp will do what I want, but how to set things
    up so my computers can move files back and forth, but keep the rest of
    the world from getting at my stuff? What software works best? Easiest?
    I'd love it if #2 could just "take over" essential services in a few
    seconds if #1 broke down, but I don't think I need constant
    file-sharing. Once a week backups would be enough, I think.

    One would think there'd be a tutorial somewhere on setting something
    like this up, but I'll be hanged if I can find it. Can somebody point me
    in the right direction?

    TJ



    --
    Posted via a free Usenet account from http://www.teranews.com


  2. Re: newbie networking

    On Tue, 20 Nov 2007 15:27:05 -0500, TJ wrote:

    > It occurred to me that the free hard drive space
    > on computer #2 would make an excellent repository for backing up data
    > from computer #1, if only I could get them communicating with each
    > other. Yes, an external HD would be easier to set up, but why should I
    > buy one of those when plenty of space is just sitting there?


    Not a problem. What you want to do is create an NFS share, mount it, and
    #1 can read/write to #2's shared directory(s).


    > The thing is, this is apparently such a complicated subject that it's
    > difficult for a networking newbie to know where to start.



    I would try playing in the Mandriva Linux Control Center.
    I have not tried it in quite awhile.

    Basically, you tell #2 who can do what with the share(s), and
    #1 creates a mount point to the shares in /etc/fstab. That assumes you
    have Fully Qualified Domain Names in both systems' /etc/hosts files.

    You can make up your own LAN domain name, just put invalid on the end
    of it. Example: home.invalid. Snippet from my /etc/hosts file

    $ head /etc/hosts
    127.0.0.1 localhost
    192.168.1.11 fs.home.invalid fs
    192.168.1.1 gateway cm
    192.168.1.130 wb.home.invalid wb
    192.168.1.131 beta.home.invalid beta


    On #2 you create an /etc/exports with a line something like
    /pub wb(rw,no_root_squash,sync)

    That indicates host wb (#1) can rw to /pub on #2, and there is a /pub
    on #2 in its /etc/fstab

    On wb, you would create a mount point, with the command
    mkdir /usr/local/pub
    then add something in /etc/fstab like
    fs:/pub /usr/local/pub nfs rsize=8192,wsize=8192,timeo=14,intr,tcp 0 0

    Now, #1 (wb) can read/write to /pub mounted on #2 (fs)

    I cannot remember, but you might have to put

    ALL: LOCAL, .home.invalid

    # End of hosts.allow. Run service xinetd reload
    #*************** end hosts.allow ***********************

    in /etc/hosts.allow on both systems.

    In /etc/hosts.deny, I always have

    ALL: ALL:\
    spawn ( \
    /bin/echo -e "\n\
    TCP Wrappers\: Connection Refused\n\
    By\: $(uname -n)\n\
    Process\: %d (pid %p)\n\
    \n\
    User\: %u\n\
    Host\: %c\n\
    Date\: $(date)\n\
    " | /bin/mail -s \"$(uname -n)\" root ) & : DENY

    # End of hosts.deny. Run service xinetd reload
    #*************** end hosts.deny ***********************


    which will mail me any problems introduced by tcpwrappers.

    If the *nfs* services are running, #2 (fs) should mount /pub for #1 (wb)
    to use after a service restart.


    I would suggest NFS. If you want to go ftp, then you have to have the
    service enabled.


    > What software works best? Easiest?


    Software for doing what?

    > I'd love it if #2 could just "take over" essential services in a few
    > seconds if #1 broke down,


    Whoa, now what "essential services" are you talking about.

    > but I don't think I need constant file-sharing.
    > Once a week backups would be enough, I think.


    Well now, that sounds like a little script in /etc/cron.weekly on #2
    which mounts /usr/local/pub, runs whatever backup/copy command(s) to
    /usr/local/pub, and umounts /usr/local/pub when done.

    http://tldp.org/LDP/abs/html/index.html for some light bash scripting info.

    Other info can be found on http://tldp.org while you are there.

    man exports
    man hosts.allow
    man hosts.deny
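
Added example, not part of the post above: a small audit of /etc/exports lines of the kind shown in that post, listing entries that grant more than a two-machine LAN needs (any-host exports, `no_root_squash`, `insecure`). The function name `audit_exports` and the sample paths other than `/pub` are made up for illustration.

```shell
#!/bin/sh
# audit_exports [FILE]: read an exports(5) file (or stdin) and print one line
# per client entry that is broader than necessary.
# Not handled: lines continued with a trailing backslash.
audit_exports() {
    awk '
    { sub(/#.*$/, "") }                  # drop comments, whole-line or trailing
    NF == 0 { next }                     # nothing left on this line
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                 # split "host(opt,opt)" into its parts
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (host == "" || host == "*") {
                host = "*"
                printf "%s: exported to any host\n", path
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    printf "%s: root on %s stays root on the share (no_root_squash)\n", path, host
                if (o[j] == "insecure")
                    printf "%s: %s may connect from unprivileged ports (insecure)\n", path, host
            }
        }
    }' "$@"
}

# Constructed sample: the first entry is the line from the post, the rest are invented.
audit_exports <<'EOF'
/pub        wb(rw,no_root_squash,sync)
/srv/media  wb.home.invalid(ro,sync)
/srv/open   *(rw,sync)
EOF
```

With `no_root_squash` in place, the NFS server accepts uid 0 from the named client as uid 0 on the exported directory; leaving the option out falls back to the default `root_squash`, which maps client root to an unprivileged user.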


  3. Re: newbie networking

    Your concern about computers on the Wild & Wooly
    Web can be handled in the router.

    Set up the router to handle the connection to your
    ISP. It will hold the login name and password.
    It likely is set up this way already, but if not
    set it up this way.

    Normally, a Linksys by default will allow connections
    initiated from the LAN machines to do anything they
    want. Check to make sure. You will need the admin
    login to the router (usually admin) and the password
    for it (the default is in the user manual for the
    router). You should have changed this password.

    Also normally, by default the router firewall will
    drop everything that originates on the WWW side.
    Check to make sure. You may need to set port 113
    to reject rather than drop, as some ISPs check that
    in network management. Some routers set 113 to
    reject even if your rule is to drop all from the
    WWW for this reason. Drop or reject on 113 will
    work fine.

    That done, your router talks to the ISP server,
    and your LAN machines can both talk to machines
    on the WWW or to each other via the router. Machines
    on the WWW side cannot initiate a connection to
    your machines through the router.

    If you wish to be paranoid, you can set up a
    firewall on each of your LAN machines, in addition.
    This requires using Shorewall or Guarddog or some
    other frontend to iptables in your kernel, and
    setting the machine's firewall to allow communication
    on the LAN.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  4. Re: newbie networking

    Jim Beard wrote:
    > Your concern about computers on the Wild & Wooly
    > Web can be handled in the router.
    >
    > Set up the router to handle the connection to your
    > ISP. It will hold the login name and password.
    > It likely is set up this way already, but if not
    > set it up this way.
    >
    > Normally, a Linksys by default will allow connections
    > initiated from the LAN machines to do anything they
    > want. Check to make sure. You will need the admin
    > login to the router (usually admin) and the password
    > for it (the default is in the user manual for the
    > router). You should have changed this password.
    >
    > Also normally, by default the router firewall will
    > drop everything that originates on the WWW side.
    > Check to make sure. You may need to set port 113
    > to reject rather than drop, as some ISPs check that
    > in network management. Some routers set 113 to
    > reject even if your rule is to drop all from the
    > WWW for this reason. Drop or reject on 113 will
    > work fine.
    >
    > That done, your router talks to the ISP server,
    > and your LAN machines can both talk to machines
    > on the WWW or to each other via the router. Machines
    > on the WWW side cannot initiate a connection to
    > your machines through the router.
    >
    > If you wish to be paranoid, you can set up a
    > firewall on each of your LAN machines, in addition.
    > This requires using Shorewall or Guarddog or some
    > other frontend to iptables in your kernel, and
    > setting the machine's firewall to allow communication
    > on the LAN.
    >
    > Cheers!
    >
    > jim b.
    >

    Well, then. I guess I'm well-protected. My ISP is a fixed wireless
    network. That's a way to get high-speed service to rural areas not
    covered by cable or dsl. The owner (well, actually he's the whole
    company) explained it to me - somewhat. Essentially, the network is set
    up like a very large LAN. The wifi signal is relayed to me through
    several routers, each of which has a firewall to prevent the network
    from being hijacked. The antenna/router that sends the ethernet signal
    to MY router also has a firewall, and the entire network has a firewall
    between it and Verizon FIOS, which provides the network's Internet
    connection. The only one that has access through all the network's
    firewalls is the ISP owner, so with the addition of my own router it
    sounds like nobody's likely to break in without a LOT of trouble.

    I was wondering about it, so I went to a couple of security test sites
    back when I first started with this ISP a year ago. The only IP number
    any of them saw was Verizon's IP for the whole network. Interestingly
    enough, they also said my security was "unusually high for a Windows
    computer." I just thought that was because I was using Linux. Silly me.

    So now I think maybe I could disable Mandriva's software firewall with a
    reasonable sense of security. Or am I wrong about that?

    TJ



  5. Re: newbie networking

    On 2007-11-21, TJ wrote:
    > Jim Beard wrote:


    [...]

    > So now I think maybe I could disable Mandriva's software firewall with a
    > reasonable sense of security. Or am I wrong about that?
    >
    > TJ


    Mandriva's 'software firewall' is actually a GUI to iptables, and not
    really comparable to the 'firewall' programs familiar to Windows users.
    It controls access to and from your individual computer, so if the only
    thing you ever connect to is a router/firewall and you only ever do that
    with a wired ethernet connection, then yes you could select 'no firewall'
    in the Mandriva Control Centre, and even un-install iptables - but I
    wouldn't bother, as I don't think doing that would 'improve' anything, and
    you never know when you might hook up with another computer, so I think it
    makes sense to have the protection in place.

    If you are using a laptop and ever connect to a different router from the
    one you use at home, then you definitely need to keep your 'firewall' up!

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  6. Re: newbie networking

    Whiskers wrote:
    > On 2007-11-21, TJ wrote:
    >> Jim Beard wrote:

    >
    > [...]
    >
    >> So now I think maybe I could disable Mandriva's software firewall with a
    >> reasonable sense of security. Or am I wrong about that?
    >>
    >> TJ

    >
    > Mandriva's 'software firewall' is actually a GUI to iptables, and not
    > really comparable to the 'firewall' programs familiar to Windows users.
    > It controls access to and from your individual computer, so if the only
    > thing you ever connect to is a router/firewall and you only ever do that
    > with a wired ethernet connection, then yes you could select 'no firewall'
    > in the Mandriva Control Centre, and even un-install iptables - but I
    > wouldn't bother, as I don't think doing that would 'improve' anything, and
    > you never know when you might hook up with another computer, so I think it
    > makes sense to have the protection in place.
    >
    > If you are using a laptop and ever connect to a different router from the
    > one you use at home, then you definitely need to keep your 'firewall' up!


    Concur that if your firewall is already set up, it makes
    no sense to disable it.

    And if you ever connect wirelessly from your machine, you
    need the firewall.

    If your router-wireless connection to your ISP is encrypted
    with WPA, it would take extreme procedures to intrude. If
    encrypted with WEP, that can be collected, the encryption
    broken, and a machine set up to send to your machine as if
    it were the ISP's machine. Doing this without breaking
    something and without being detected likely would present
    a problem. The net effect would simply be the same as
    would result if you were enticed to initiate a session
    with a server holding malware on the WWW, unless you have
    special security programs set up that allot special access
    to certain machines such as the ISP's server. If you did
    not set it up, it is not there, so I don't think you need
    to worry about it.

    If the wireless connection to your ISP is not encrypted,
    all your traffic is readable by anyone with the right
    equipment. Again, it would be possible for a machine to
    be set up to imitate your ISP's machine, with the same
    problems and possibilities as above.

    So, yeah, you would be "reasonably secure." But another
    firewall does not hurt. To quote a phrase I picked up
    in the U.S. 11th Armored Cavalry, "Overkill works."

    Cheers!

    jim b.


    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  7. Re: newbie networking

    Bit Twister wrote:
    > On Tue, 20 Nov 2007 15:27:05 -0500, TJ wrote:
    >


    >> I'd love it if #2 could just "take over" essential services in a few
    >> seconds if #1 broke down,

    >
    > Whoa, now what "essential services" are you talking about.
    >

    Oh, Internet access, a little openoffice stuff (There are times when it
    would be MOST inconvenient to lose my spreadsheeting ability), really
    ordinary stuff like that. My Thunderbird and Firefox configurations and
    plugins especially. Time was when I didn't need the Internet, back
    before the Web was invented. Then, with dialup it became enjoyable,
    informative, and convenient. Now that I have broadband access, it's
    downright essential to running my farm efficiently.

    I just don't want a breakdown of my main machine to put me out of
    business for any longer than is necessary. Hardware backups can be just
    as important as data backups. "A few seconds" was an exaggeration. If I
    can have a secondary computer as ready to step in as I can make it, I'd
    be happy.

    TJ



  8. Re: newbie networking

    On Thu, 22 Nov 2007 09:56:54 -0500, TJ wrote:
    >
    >>> I'd love it if #2 could just "take over" essential services in a few
    >>> seconds if #1 broke down,

    >>
    >> Whoa, now what "essential services" are you talking about.
    >>

    > Oh, Internet access, a little openoffice stuff (There are times when it
    > would be MOST inconvenient to lose my spreadsheeting ability), really
    > ordinary stuff like that.


    I can not see that happening gracefully. I can see rsync keeping #2
    updated from #1 but not that hot and I would still have backups in
    case a mangled file on #1 is moved to #2

    > My Thunderbird and Firefox configurations and plugins especially.


    I can see rsync keeping files on #2 synced daily for that.

    > I just don't want a breakdown of my main machine to put me out of
    > business for any longer than is necessary. Hardware backups can be just
    > as important as data backups. "A few seconds" was an exaggeration. If I
    > can have a secondary computer as ready to step in as I can make it, I'd
    > be happy.


    That should not be a whole lot of trouble, if both systems have
    same user accounts with matching UID and GIDs.
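
Added example, not part of any post in the thread: one way to write the weekly mount, copy, unmount script suggested earlier, using rsync as mentioned above. It assumes it runs on the machine whose /etc/fstab carries the `/usr/local/pub` entry; `SRC`, the `current/` and `.old/` directories and the `MOUNTS_FILE` override are illustrative names.

```shell
#!/bin/sh
# Weekly backup onto the NFS share, refusing to copy if the share is not mounted.
# MNT is the thread's mount point; SRC is an assumed source directory.
# MOUNTS_FILE exists only so the mount check can be exercised without root.
MNT=${MNT:-/usr/local/pub}
SRC=${SRC:-/home/}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Succeeds only if $1 appears as a mount point (field 2) in the mounts table.
is_mounted() {
    awk -v m="$1" '$2 == m { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# weekly_backup SRC MNT: mount, copy, unmount. Returns non-zero on any failure.
weekly_backup() {
    src=$1; mnt=$2; we_mounted=0
    if ! is_mounted "$mnt"; then
        mount "$mnt" 2>/dev/null || { echo "cannot mount $mnt" >&2; return 1; }
        we_mounted=1
    fi
    # Re-check: if the share is not really there, the copy would land in the
    # empty local directory and quietly fill the local disk instead.
    if ! is_mounted "$mnt"; then
        echo "$mnt is not a mounted filesystem, refusing to copy" >&2
        return 1
    fi
    # -a keeps owners, modes and times. --backup moves the previous version of
    # every changed file into a dated directory, so a mangled file on the
    # source does not overwrite the only good copy.
    rsync -a --backup --backup-dir="$mnt/.old/$(date +%F)" "$src" "$mnt/current/"
    rc=$?
    if [ "$we_mounted" -eq 1 ]; then umount "$mnt"; fi
    return "$rc"
}

# Run only when called with "run", e.g. from a one-line /etc/cron.weekly wrapper.
if [ "${1:-}" = "run" ]; then
    weekly_backup "$SRC" "$MNT"
fi
```

Because `-a` copies numeric owners, the files on the share are only usable by the same people on both machines when the accounts have matching UIDs and GIDs, as the post above notes.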

  9. Re: newbie networking

    Bit Twister wrote:
    > On Thu, 22 Nov 2007 09:56:54 -0500, TJ wrote:


    >
    >> I just don't want a breakdown of my main machine to put me out of
    >> business for any longer than is necessary. Hardware backups can be just
    >> as important as data backups. "A few seconds" was an exaggeration. If I
    >> can have a secondary computer as ready to step in as I can make it, I'd
    >> be happy.

    >
    > That should not be a whole lot of trouble, if both systems have
    > same user accounts with matching UID and GIDs.


    Looks like the whole thing is now moot, anyway. The secondary drive on
    the backup machine is proving itself to be less than trustworthy, now
    that it's been seeing some use. Speculation is that it's because it's
    been sitting idle for four years. It was a used drive in the first
    place, pulled from another, even older computer. It's not too surprising
    that it would be showing problems.

    Using unreliable media for a backup is like using a spare tire that goes
    flat once every month. It'll probably fail you just when you need it the
    most. So now I would need a new hard drive to use this second machine as
    a backup. The most sensible solution would be an external USB 2.0 drive,
    one that I could then just carry to the computer that needs the
    information. The main computer supports USB 2.0, but the older one
    doesn't. Still, the drive would work on either machine as an archival
    medium. Even under USB 1.1 it would be faster and better than DVDs.

    I'm disappointed in the quality of the video card's TV-out display, too
    - the reason I dredged the old computer out of mothballs in the first
    place was to watch various video file types on a "regular" TV. But,
    that's a topic for another thread.

    TJ
