how to get three nameserver entries in /etc/resolv.conf
Does someone here know how to get three nameserver entries
into /etc/resolv.conf? (And for the benefit of any wise
guys: How is it done?)
I have a fixed LAN using static IP addresses. Formerly, I
had two nameserver entries defined through Mandriva's
installation tools: 127.0.0.1 for local nameserver caching
by named/bind, and the IP address of my inner router to let
the router query the actual ISP DNS servers. Now, in
response to reports the black hats are cracking home routers
to do DNS poisoning, I want to have my Linux machines do
local caching and access the ISP's DNS servers directly.
First, I put DNS1, DNS2, and DNS3 in
/etc/sysconfig/network-scripts/ifcfg-eth0, but only the
first two ended up in /etc/resolv.conf. Because Verizon
isn't known for having the best DNS servers, I want to have
both ISP servers listed, but _after_ 127.0.0.1.
Next, I put both ISP DNS servers in ifcfg-eth0 and put
"nameserver 127.0.0.1" (without the quotation marks) in
/etc/resolvconf/resolv.conf.d/head, but that line is not
being put into /etc/resolv.conf.
The man page for resolvconf describes a resolv.conf.d/base
file, but it doesn't specify the order. Is the "base" file
copied in before the stuff from the interfaces, or is it
copied into /etc/resolv.conf in a different order?
Incidentally, I have resolvconf disabled via chkconfig, but
it seems to be running at boot time, anyway.
Any suggestions?
Thanks.
--
Robert Riches
[email]spamtrap42@verizon.net[/email]
(Yes, that is one of my email addresses.)
Re: how to get three nameserver entries in /etc/resolv.conf
On Sun, 24 Feb 2008 04:10:16 GMT, Robert M. Riches Jr. wrote:[color=blue]
> Does someone here know how to get three nameserver entries
> into /etc/resolv.conf? (And for the benefit of any wise
> guys: How is it done?)[/color]
Add third nameserver line to /etc/resolvconf/resolv.conf.d/tail
and do a
service network restart
cat /etc/resolv.conf
Or add nameserver 127.0.0.1 to /etc/resolvconf/resolv.conf.d/tail
and the two other ip to DNSx nic config file and do a
service network restart
cat /etc/resolv.conf
[color=blue]
> I have a fixed LAN using static IP addresses. Formerly, I
> had two nameserver entries defined through Mandriva's
> installation tools: 127.0.0.1 for local nameserver caching
> by named/bind, and the IP address of my inner router to let
> the router query the actual ISP DNS servers. Now, in
> response to reports the black hats are cracking home routers
> to do DNS poisoning, I want to have my Linux machines do
> local caching and access the ISP's DNS servers directly.[/color]
And you trust your ISP not to get poisoned. How about if it's
outsourced to some third world country. :(
[color=blue]
> First, I put DNS1, DNS2, and DNS3 in
> /etc/sysconfig/network-scripts/ifcfg-eth0, but only the
> first two ended up in /etc/resolv.conf.[/color]
Yeah, that used to work, but they fixed it. :-(
[color=blue]
> Because Verizon
> isn't known for having the best DNS servers, I want to have
> both ISP servers listed, but _after_ 127.0.0.1.[/color]
[color=blue]
>
> Next, I put both ISP DNS servers in ifcfg-eth0 and put
> "nameserver 127.0.0.1" (without the quotation marks) in
> /etc/resolvconf/resolv.conf.d/head, but that line is not
> being put into /etc/resolv.conf.[/color]
Sounds like PEERDNS is set =no
[color=blue]
> The man page for resolvconf describes a resolv.conf.d/base
> file, but it doesn't specify the order. Is the "base" file
> copied in before the stuff from the interfaces, or is it
> copied into /etc/resolv.conf in a different order?
>
> Incidentally, I have resolvconf disabled via chkconfig, but
> it seems to be running at boot time, anyway.[/color]
Ok, that explains why resolv.conf if not using the
/etc/resolvconf/resolv.conf.d/ (base, head, tail) files. :-(
[color=blue]
> Any suggestions?[/color]
turn resolvconf service/daemon back on
modify head or tail files as suggested.
Re: how to get three nameserver entries in /etc/resolv.conf
On Sun, 24 Feb 2008 04:30:25 +0000 (UTC), Bit Twister wrote:[color=blue]
>
> Or add nameserver 127.0.0.1 to /etc/resolvconf/resolv.conf.d/tail[/color]
Frap, should read head.
Or add nameserver 127.0.0.1 to /etc/resolvconf/resolv.conf.d/head
[color=blue]
> and the two other ip to DNSx nic config file and do a
> service network restart
> cat /etc/resolv.conf[/color]
Re: how to get three nameserver entries in /etc/resolv.conf
On 2008-02-24, Bit Twister <BitTwister@mouse-potato.com> wrote:[color=blue]
> On Sun, 24 Feb 2008 04:30:25 +0000 (UTC), Bit Twister wrote:[color=green]
>>
>> Or add nameserver 127.0.0.1 to /etc/resolvconf/resolv.conf.d/tail[/color]
>
> Frap, should read head.
>
> Or add nameserver 127.0.0.1 to /etc/resolvconf/resolv.conf.d/head
>[color=green]
>> and the two other ip to DNSx nic config file and do a
>> service network restart
>> cat /etc/resolv.conf[/color][/color]
Already tried that, including manually running
/sbin/resolvconf, and 127.0.0.1 did not make it into
/etc/resolv.conf. That's why I asked the order in which
stuff from /etc/resolvconf/resolv.conf.d/base would be put.
--
Robert Riches
[email]spamtrap42@verizon.net[/email]
(Yes, that is one of my email addresses.)
Re: how to get three nameserver entries in /etc/resolv.conf
On Sun, 24 Feb 2008 05:29:55 GMT, Robert M. Riches Jr. wrote:[color=blue]
> On 2008-02-24, Bit Twister <BitTwister@mouse-potato.com> wrote:
>[color=green]
>> and the two other ip to DNSx nic config file and do a
>> service network restart
>> cat /etc/resolv.conf[/color]
>
> Already tried that, including manually running
> /sbin/resolvconf, and 127.0.0.1 did not make it into
> /etc/resolv.conf. That's why I asked the order in which
> stuff from /etc/resolvconf/resolv.conf.d/base would be put.[/color]
What can I say, I tested by putting text in
/etc/resolvconf/resolv.conf.d/tail
see
$ cat /etc/resolvconf/resolv.conf.d/tail
# from tail
And doing a
service network restart
cat /etc/resolv.conf
and my text showed up in /etc/resolv.conf
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.130
# from tail
Watch as I do the reverse:
# cp /dev/null /etc/resolvconf/resolv.conf.d/tail
cp: overwrite `/etc/resolvconf/resolv.conf.d/tail'? y
# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: c [ OK ]
# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.130
$ cat /etc/sysconfig/network
NETWORKING_IPV6=no # speedup DNS lookups
NOZEROCONF=yes # no doze lookups needed
GATEWAYDEV=eth0 # needed for my DHCP scripts
GATEWAY=192.168.1.1 # needed for my DHCP scripts
NEEDHOSTNAME=no # I'll use my own hostname
NETWORKING=yes
HOSTNAME=wm80.home.test
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.130
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
METRIC=10
MII_NOT_SUPPORTED=yes
USERCTL=yes
DNS1=192.168.1.130
RESOLV_MODS=yes
IPV6INIT=no
IPV6TO4INIT=no
# chkconfig --list resolvconf
resolvconf 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Re: how to get three nameserver entries in /etc/resolv.conf
On Sun, 24 Feb 2008 06:11:15 +0000 (UTC), Bit Twister wrote:[color=blue]
> On Sun, 24 Feb 2008 05:29:55 GMT, Robert M. Riches Jr. wrote:[color=green]
>> Already tried that, including manually running
>> /sbin/resolvconf, and 127.0.0.1 did not make it into
>> /etc/resolv.conf. That's why I asked the order in which
>> stuff from /etc/resolvconf/resolv.conf.d/base would be put.[/color][/color]
If you would like to hunt around in the code, this two line snippet from
/var/log/messages be a lead :)
NET[3332]: /etc/sysconfig/network-scripts/ifup-post : updated /etc/resolv.conf
kernel: eth0: Setting full-duplex based on MII#1 link partner capability of 05e1.
Re: how to get three nameserver entries in /etc/resolv.conf
Robert M. Riches Jr. wrote:[color=blue]
> Does someone here know how to get three nameserver entries
> into /etc/resolv.conf? (And for the benefit of any wise
> guys: How is it done?)[/color]
Have you gone into mcc, to network & internet, to network
center, and clicked the delta for configure, and then moved
on to advanced? There are some settings there that mcc may
be reasserting, without regard to changes to config files.
Beyond that, I too am trying to get three DNS servers into
resolv.conf, and I can get two plus a domain search line. I.d.
nameserver 208.67.222.222
nameserver 208.67.220.220
search home.invalid
I am beginning to wonder if this third search line
counts as a dns server. If so, I need to know how
to replace it with a third dns machine.
Cheers!
jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
Re: how to get three nameserver entries in /etc/resolv.conf
On Sat, 23 Feb 2008 23:10:16 -0500, Robert M. Riches Jr. <spamtrap42@verizon.net> wrote:
[color=blue]
> Does someone here know how to get three nameserver entries
> into /etc/resolv.conf? (And for the benefit of any wise
> guys: How is it done?)[/color]
See [url]http://groups.google.com/group/alt.os.linux.mandriva/msg/0198870aacbcdf52?[/url]
[color=blue]
> the router query the actual ISP DNS servers. Now, in
> response to reports the black hats are cracking home routers
> to do DNS poisoning, I want to have my Linux machines do
> local caching and access the ISP's DNS servers directly.[/color]
For anyone who hasn't heard about it yet, the attack is described at
[url]http://www.gnucitizen.org/blog/hacking-the-interwebs/[/url]
Instead of bypassing the dns servers specified in the router,
why not protect the router by turning off UPnP, and manually
configure the router to forward the ports you want forwarded?
Note that changing the dns servers, isn't the only damage that
can be done with UPnP.
[color=blue]
> Incidentally, I have resolvconf disabled via chkconfig, but
> it seems to be running at boot time, anyway.[/color]
You may as well leave it enabled. Take a look at the scripts
with grep -r resolv /etc/sysconfig/*
[color=blue]
> Any suggestions?[/color]
If you have fixed nameservers you want to use, edit the file
/etc/resolvconf/resolv.conf.d/head as per the google groups
article, above.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Re: how to get three nameserver entries in /etc/resolv.conf
On 2008-02-24, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:[color=blue]
> On Sat, 23 Feb 2008 23:10:16 -0500, Robert M. Riches Jr. <spamtrap42@verizon.net> wrote:
>[color=green]
>> Does someone here know how to get three nameserver entries
>> into /etc/resolv.conf? (And for the benefit of any wise
>> guys: How is it done?)[/color]
>
> See [url]http://groups.google.com/group/alt.os.linux.mandriva/msg/0198870aacbcdf52?[/url]
>[color=green]
>> the router query the actual ISP DNS servers. Now, in
>> response to reports the black hats are cracking home routers
>> to do DNS poisoning, I want to have my Linux machines do
>> local caching and access the ISP's DNS servers directly.[/color]
>
> For anyone who hasn't heard about it yet, the attack is described at
> [url]http://www.gnucitizen.org/blog/hacking-the-interwebs/[/url]
>
> Instead of bypassing the dns servers specified in the router,
> why not protect the router by turning off UPnP, and manually
> configure the router to forward the ports you want forwarded?
>
> Note that changing the dns servers, isn't the only damage that
> can be done with UPnP.
>[color=green]
>> Incidentally, I have resolvconf disabled via chkconfig, but
>> it seems to be running at boot time, anyway.[/color]
>
> You may as well leave it enabled. Take a look at the scripts
> with grep -r resolv /etc/sysconfig/*
>[color=green]
>> Any suggestions?[/color]
>
> If you have fixed nameservers you want to use, edit the file
> /etc/resolvconf/resolv.conf.d/head as per the google groups
> article, above.
>
> Regards, Dave Hodgins[/color]
Thanks to all who responded. I'll turn resolvconf back on,
see if that makes the stuff in the {head,base,tail} files
show up in /etc/resolv.conf, and turn off UPnP on the
routers--not necessarily in that order.
Thanks.
--
Robert Riches
[email]spamtrap42@verizon.net[/email]
(Yes, that is one of my email addresses.)
Re: how to get three nameserver entries in /etc/resolv.conf
Robert M. Riches Jr. wrote:[color=blue]
> Does someone here know how to get three nameserver entries
> into /etc/resolv.conf? (And for the benefit of any wise
> guys: How is it done?)[/color]
[url]http://groups.google.com/group/alt.os.linux.mandriva/browse_thread/thread/1e558daa3ed09f3e/9106233aec170091?hl=en&lnk=st&q=#9106233aec170091[/url]
If that URL breaks google in groups for: mathog "resolv.conf" three
Regards,
David Mathog
[Solved] Re: how to get three nameserver entries in /etc/resolv.conf
On 2008-02-25, Robert M. Riches Jr. <spamtrap42@verizon.net> wrote:[color=blue]
> ...
>
> Thanks to all who responded. I'll turn resolvconf back on,
> see if that makes the stuff in the {head,base,tail} files
> show up in /etc/resolv.conf, and turn off UPnP on the
> routers--not necessarily in that order.[/color]
It worked. I put the following in resolvconf's input files:
==> /etc/resolvconf/resolv.conf.d/base <==
# base start
# base end
==> /etc/resolvconf/resolv.conf.d/head <==
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# head start
nameserver 127.0.0.1
# head end
==> /etc/resolvconf/resolv.conf.d/tail <==
# tail start
# tail end
Restarting the network produced the following in
/etc/resolv.conf:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# head start
nameserver 127.0.0.1
# head end
nameserver ...
nameserver ...
search localnet
# tail start
# tail end
So, the 'head' and 'tail' files work as documented in the
man page, but the 'base' file apparently does not get used.
(The two nameserver lines with IP addresses redacted come
from the DNS{1,2} entries for the static-IP eth0.)
Regarding the counsel to disable UPnP, I couldn't find
anything on the non-wireless router about UPnP. Is UPnP
_only_ a wireless thing?
(By the way, in the process, I learned to _NOT_ try to
restart the 'network' service on an NFS client machine. The
"service network stop" command hung, leaving the system
broken. Then, when rebooting, one of them hung while
shutting down the ALSA driver, which ended up requiring fsck
after magic sysrq reboot. At least I was smart enough to
not try to restart the network via ssh. :-)
Thanks.
--
Robert Riches
[email]spamtrap42@verizon.net[/email]
(Yes, that is one of my email addresses.)
Re: [Solved] Re: how to get three nameserver entries in/etc/resolv.conf
On Sat, 01 Mar 2008 17:55:58 -0500, Robert M. Riches Jr. <spamtrap42@verizon.net> wrote:
[color=blue]
> So, the 'head' and 'tail' files work as documented in the
> man page, but the 'base' file apparently does not get used.[/color]
That's good to know. I never tried using that one, so hadn't come across
that.
[color=blue]
> Regarding the counsel to disable UPnP, I couldn't find
> anything on the non-wireless router about UPnP. Is UPnP
> _only_ a wireless thing?[/color]
No. Most wired routers have the "feature", and have it enabled by default.
What is the make/model of the router?
[color=blue]
> (By the way, in the process, I learned to _NOT_ try to
> restart the 'network' service on an NFS client machine. The[/color]
Heh, heh. That's good to know too. Thanks for posting the info.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Turn off upnp in all routers - IMPORTANT
On Sun, 24 Feb 2008 14:06:08 -0500, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
[color=blue]
> For anyone who hasn't heard about it yet, the attack is described at
> [url]http://www.gnucitizen.org/blog/hacking-the-interwebs/[/url][/color]
If you are using a router, make sure you turn off the Upnp "feature", otherwise
your dns servers, and other router settings can be changed, by visiting a
site (including hacked ad servers), with flash, or any other plugin, that
allows sending a SOAP request, from your computer, back to your router.
Note that this security hole affects all operating systems, and all browsers
that support plugins.
Replying to myself, and changing the subject, to ensure everyone takes
a look at this.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Re: Turn off upnp in all routers - IMPORTANT
On Sat, 01 Mar 2008 19:02:38 -0500, David W. Hodgins wrote:[color=blue]
> On Sun, 24 Feb 2008 14:06:08 -0500, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
>[color=green]
>> For anyone who hasn't heard about it yet, the attack is described at
>> [url]http://www.gnucitizen.org/blog/hacking-the-interwebs/[/url][/color]
>
> If you are using a router, make sure you turn off the Upnp "feature",[/color]
I looked around in my MI424-WR Actiontec Router and was unable to see
anything which would disable such a "feature" :(
[color=blue]
> otherwise
> your dns servers, and other router settings can be changed, by visiting a
> site (including hacked ad servers), with flash, or any other plugin, that
> allows sending a SOAP request, from your computer, back to your router.
>
> Note that this security hole affects all operating systems, and all browsers
> that support plugins.[/color]
Yep, one of the reasons I run with NoScript Add On in Firefox with all
boxes checked in Untrusted Tab Under NoScript Options.
Same possible exploit also foiled by using bind/named with forwarders
set to OpenDNS servers.
Also hopping privoxy blocking ads, foils any malware on ad servers.
Re: Turn off upnp in all routers - IMPORTANT
On Sat, 01 Mar 2008 19:21:52 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
[color=blue]
> I looked around in my MI424-WR Actiontec Router and was unable to see
> anything which would disable such a "feature" :([/color]
According to [url]http://www.fiberfaq.com/admin/attachments/actiontec_mi424wr_manual.pdf[/url]
it's an option on the advanced settings screen. It's not clear from the manual,
whether or not it's on, by default. I'm curious, as to whether or not it is.
Using the opendsn servers, or for that matter, anything other then the ip
addresses from the router, will protect from bad dns ip addresess in the router,
but doesn't protect against having other settings in the router changed, such
as turning the wireless access on, if it wasn't already, and removing security
from the wireless connection.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Re: Turn off upnp in all routers - IMPORTANT
On Sat, 01 Mar 2008 21:25:24 -0500, David W. Hodgins wrote:[color=blue]
> On Sat, 01 Mar 2008 19:21:52 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
>[color=green]
>> I looked around in my MI424-WR Actiontec Router and was unable to see
>> anything which would disable such a "feature" :([/color]
>
> According to[/color]
[url]http://www.fiberfaq.com/admin/attachments/actiontec_mi424wr_manual.pdf[/url][color=blue]
> it's an option on the advanced settings screen. It's not clear from
> the manual, whether or not it's on, by default. I'm curious, as to
> whether or not it is.[/color]
I would tell you except, I am curious as to what the field/option is named.
[color=blue]
> Using the opendsn servers, or for that matter, anything other then
> the ip addresses from the router, will protect from bad dns ip
> addresess in the router, but doesn't protect against having other
> settings in the router changed, such as turning the wireless access
> on, if it wasn't already, and removing security from the wireless
> connection.[/color]
True, I had thought of using wget to fetch the pages and compare
against local copies to warn of router changes.
Re: Turn off upnp in all routers - IMPORTANT
On 2008-03-02, Bit Twister <BitTwister@mouse-potato.com> wrote:[color=blue]
> On Sat, 01 Mar 2008 19:02:38 -0500, David W. Hodgins wrote:[color=green]
>> On Sun, 24 Feb 2008 14:06:08 -0500, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
>>[color=darkred]
>>> For anyone who hasn't heard about it yet, the attack is described at
>>> [url]http://www.gnucitizen.org/blog/hacking-the-interwebs/[/url][/color]
>>
>> If you are using a router, make sure you turn off the Upnp "feature",[/color]
>
> I looked around in my MI424-WR Actiontec Router and was unable to see
> anything which would disable such a "feature" :([/color]
On my Verizon-supplied Actiontec MI424-WR, the UPnP control
is under "Advanced" from the main menu, then in the second
column from the left, lower section, right under "Network
Objects".
My other router (because Verizon may have a backdoor to the
Actiontec) is a D-Link DI-604. Looking more thoroughly, I
found the UPnP setting under "Tools" in the upper tabs,
"Misc" on the left-hand button.
[color=blue][color=green]
>> otherwise
>> your dns servers, and other router settings can be changed, by visiting a
>> site (including hacked ad servers), with flash, or any other plugin, that
>> allows sending a SOAP request, from your computer, back to your router.
>>
>> Note that this security hole affects all operating systems, and all browsers
>> that support plugins.[/color][/color]
Yikes! Thanks for bringing this to our attention.
[color=blue]
> Yep, one of the reasons I run with NoScript Add On in Firefox with all
> boxes checked in Untrusted Tab Under NoScript Options.
>
> Same possible exploit also foiled by using bind/named with forwarders
> set to OpenDNS servers.
>
> Also hopping privoxy blocking ads, foils any malware on ad servers.[/color]
It sounds like that's a good idea.
--
Robert Riches
[email]spamtrap42@verizon.net[/email]
(Yes, that is one of my email addresses.)
Re: Turn off upnp in all routers - IMPORTANT
On Sun, 02 Mar 2008 04:23:04 GMT, Robert M. Riches Jr. wrote:
[color=blue]
> On my Verizon-supplied Actiontec MI424-WR, the UPnP control
> is under "Advanced" from the main menu, then in the second
> column from the left, lower section, right under "Network
> Objects".[/color]
Ok, found it. It is on by default.
[color=blue][color=green]
>> Also hopping privoxy blocking ads, foils any malware on ad servers.[/color]
>
> It sounds like that's a good idea.[/color]
If you want to play with it, install instructions here
[url]http://groups.google.com/group/alt.os.linux.mandriva/msg/a76245f3f5fab041[/url]
with a bunch of sites added to +block
Re: Turn off upnp in all routers - IMPORTANT
on Sunday 02 March 2008 11:02
in the Usenet newsgroup alt.os.linux.mandriva
David W. Hodgins wrote:
[snip][color=blue]
> Replying to myself, and changing the subject, to ensure everyone takes
> a look at this.[/color]
[snip]
Despite the change of subject it is still a reply. Threading
newsreaders (like Knode) hid your message inside the old
thread.
--
sig goes here...
Peter D.
Privoxy -- PUBLIC ANNOUNCEMENT
Bit Twister wrote:[color=blue]
> On Sun, 02 Mar 2008 04:23:04 GMT, Robert M. Riches Jr. wrote:
>[color=green]
>> On my Verizon-supplied Actiontec MI424-WR, the UPnP control
>> is under "Advanced" from the main menu, then in the second
>> column from the left, lower section, right under "Network
>> Objects".[/color]
>
> Ok, found it. It is on by default.
>
>[color=green][color=darkred]
>>> Also hopping privoxy blocking ads, foils any malware on ad servers.[/color]
>> It sounds like that's a good idea.[/color]
>
> If you want to play with it, install instructions here
> [url]http://groups.google.com/group/alt.os.linux.mandriva/msg/a76245f3f5fab041[/url]
>
> with a bunch of sites added to +block[/color]
PUBLIC ANNOUNCEMENT hat on.
BitTwister's suggestions of privoxy finally led me
to urpmi the package and use his instructions and
configuration file to get started.
IT IS WONDERFUL.
I had intended to read up and figure out how to
use it, but it is doing such a great job of
blocking/stopping stuff that I had been seeing but
did not want to, that I have not altered any setting
since the install.
HIGHLY RECOMMENDED. (Repeat 10 times for emphasis.)
Many thanks, BitTwister!
Cheers!
jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
