[KLUG Members] KLUG Meeting Notes for 11/26/2002
mag00
members@kalamazoolinux.org
Fri, 29 Nov 2002 03:15:41 -0500
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
THE KLUG MEETING NOTES NOW BEING PRESENTED IN A NEW FORMAT!
NOTICE THE CURRENT CONTENT AND REDUCED REPETITION? PLEASE
LET US KNOW HOW YOU LIKE THE NEW KLUG MEETING NOTES FORMAT.
recordingsecretary@kalamazoolinux.org
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
KLUG Meeting Notes: Tuesday - November 26, 2002 7:00PM
I. PRESENTATION RECAP
II. NEXT WEEK'S MEETING INFO <=== Beginner's Meeting &
III. KLUG MAILING LISTS Linux Installations...
IV. KLUG NEWS FLASHES
V. KLUG CONTACT & MEETING INFO
Tonight's Meeting Moderator: KLUG Chairperson Dirk Bartley
I. PRESENTATION RECAP
THIS WEEK'S KLUG PRESENTATION: (25 active KLUG participants)
*****************************************************************
A Firewall Sampling
by Bruce Smith
Bruce summarized and compared some vastly different
Linux based firewall distributions. These included
Smoothwall, IPCOP, FloppyFW, and Devil-Linux. The
presenter has personally used all of these firewall
packages for a period of time on his home internet
connection. This presentation was made to help
people select the firewall package which is right
for them. Allowing everyone to protect their data
and share a single internet connection among many
computers.
PRESENTATION SUMMARY:
***********************
It is presentations like these that makes KLUG world class!
Bruce used a laptop running Red Hat v8.0 and the KLUG SVGA
projector to make his presentation tonight. He was using
the trusty vi editor to present his notes and was kind enough
to furnish those for the KLUG members that missed this very
important content. Security is a key issue today whether
you are using dialup, ISDN, cable, or DSL! During the Q & A
session it was mentioned that having a dual dialup & higher
bandwidth firewall configuration was a smart idea in the event
that the higher bandwidth connection goes down. This happens
frequently we hear and you don't want to drop your defenses
when it does. It was mentioned that IPCOP supports this idea.
There was some discussion of the advantages of packages that
use the 2.4.x Linux kernel security verses the ones that are
still using 2.2.x kernel features. The 2.4.x kernel added
serious tools (stateful) to keep hackers out of your network!
You don't want terrorists or digital punks launching attacks
from your PC! Better learn how to protect yourself and others
with the excellent information that Bruce presented for KLUG!
In addition to the material presented in the outline, he also
showed us live examples of these firewalls and how they work.
We saw how IPCOP was protecting the KLUG servers and how Devil
Linux was working on his home network. Adam Williams and others
were loudly proclaiming the simplicity, reliability, low cost,
and functionality of floppyfw. Looks like you have many great
choices in the Open Source community! Get YOUR firewall up!!!
Introduction to running a dedicated Linux based firewall.
---------------------------------------------------------
All firewalls reviewed here have the following in common:
1) Linux based and GNU (free of license charges)
2) Self contained distribution with firewalling the main goal.
(although most provide additional/optional services, like DHCP server)
3) Require a dedicated PC connected to the internet and a local network.
4) Provide IP-masquerading (Network Address Translation)
or the ability to provide simultaneous internet access for
mulitiple computers from one internet connection.
I. Smoothwall http://www.smoothwall.org/
II. IPCOP http://ipcop.org/
III. FloppyFW http://www.zelow.no/floppyfw/
IV. Devil Linux http://www.devil-linux.org/
V. Mandrake Security http://www.mandrakesoft.com/products/snf
I. Smoothwall
-----------------
This is the first dedicated firewall package I used at my home, starting
with a dialup connection shared between 2 PC's.
Minimum requirements: 486 or better, 16 MB, 200MB hard drive, NIC(s)/modem..
Advantages:
1) Simple install program from CD completely takes over the first hard drive.
2) Extremely easy to manage from a web browser.
3) Graphical reporting from the web interface.
4) Support for most (all?) types of internet connections.
Dialup, ISDN, DSL, Cable modems. Even some USB DSL/cable modems.
5) FreeSWAN (VPN) support.
6) Many services supported.
DNS/DHCP/Squid(proxy)/Snort(IDS)/SSHD/....
7) Supports DMZ (third/separate LAN to isolate servers).
8) Extremely nice documentation in PDF format.
9) Available updates (patches/fixes) are listed on the web interface
and are installed from the web interface.
Disadvantages:
1) ext2 filesystem (non-journalized) requires fsck after power outage.
2) 2.2 kernel uses ipchains (non stateful firewall).
There is a new version in beta with a 2.4 kernel w/ iptables/netfilter.
3) Requires a hard drive (high point of failure).
4) New versions require a fresh install.
[Possibly] due to the initial success of Smoothwall, the project founders
decided to go commercial with smoothwall. New features and versions require
purchasing of licenses. Because of this, a fork of the smoothwall
project was created:
II. IPCOP
-------------
Initially the same as Smoothwall, with the name & logos changed,
with the following exceptions:
1) Upgrade to ext3 jouralized filesystem.
2) New releases are intended to be GPL (free).
The next release plans support for iptables/netfilter, but we've been waiting
a long time. I don't know if it's because of the lack of time the developers,
or the fact they didn't write most of the code and don't know it very well.
After running IPCOP for awhile at home, I got tired of waiting for the new
release and went searching for packages that support the stateful firewalling
of the 2.4 kernel with iptables/netfilter.
III. floppyfw
-----------------
As the name implies, it is entirely contained on a single floppy diskette.
Advantages:
1) Extremely light minimum hardware requirements:
386 or better
12MB memory
2 network cards
1.44MB floppy drive
2) No hard drive needed.
Saves electricity.
Eliminates that potential "point of failure".
3) Simple plain text configuration files on a FAT filesystem floppy.
Can edit plain text config files from either Linux or Windows.
4) floppyrw version 2.x has a 2.4.x kernel, and supports iptables/netfilter.
Stateful firewall!
Older version of floppyfw have the 2.2 kernel & ipchains.
5) Provides simple DHCP server and DNS cache.
6) Logging through klogd/syslogd, both local and remote.
7) Braindead.
Harder to hack into.
Disadvantages:
1) Braindead.
Only provides DHCP/DNS services, a few others may be hacked in.
Although you are very limited by available space on the floppy.
2) Only supports connections with two ethernet cards "out of the box".
Dialup support can be hacked in.
Three ethernet card support can be hacked in.
3) Cannot be remotely managed.
Serial console is supported, but does not work very well, IMO.
I personally hacked in support for the 3rd network card (DMZ) for my WAP.
I also upgraded to the better DHCPD package so I could statically assign
IP's to certain MAC addresses (along with random assignment of IP's).
Hacking requires knowledge of iptables and scripting. There are "howto's"
to aid in hacking in non-standard support into floppyfw.
Wanting a few more services, and fewer limitations due to disk space,
I continued my quest for firewall packages supporting iptables/netfilter:
IV. Devil Linux
-------------------
Requirements: PC that can boot from CDROM first.
486, 64MB memory, CDROM & Floppy Drives, NICs.
Advantages:
1) Boots and runs from CDROM!
No hard drive "point of failure" required.
Configuration files are stored on a floppy diskette.
Cannot be changed by a hacker.
(if you keep your diskette write protected)
No worry of corruption on power outages. (journal not needed! :)
2) Ease of upgrades.
To install a new version, you download and burn a new ISO image to CD,
move your configuration changes to the floppy and reboot.
3) MANY services available.
FREESWAN (VPN), OpenSSH, DHCP, DHCP Relay, NTP, PPTP, ZEBRA, BGPD,
OSPFD, OSPF6D, RIPD, RIPNGD, CRON, NAMED, UCD_SNMP, POSTFIX, JFTPGW,
Snort, Squid (hard drive required for squid cache)
Disadvantages:
1) NOT user friendly setup or configuration.
Some Linux knowledge is required to create the floppy & config.
Config files are text files which must be edited/created by hand.
No GUI configuration tools at all.
2) NO sample firewall rules!
The firewall script is completely empty! Must be created from scratch!
I "borrowed" the iptables script from floppyfw w/slight modifications.
3) Likewise, most services must also be configured from scratch.
V. Mandrake Security
------------------------
This is also a CD-ROM based firewall.
Advantages:
1) Supports dialup, ISDN, cable, and DSL
2) Services include DHCP, squid, proxy, and others.
3) Web browser interface even produces graphical displays of usage stats.
Disadvantages:
1) None noted!
Bruce Smith is a Systems Administrator and Software Developer
for Armstrong International Inc. where he is responsible for
a HP-UX network of Servers, Workstations, printers and X-Terminals
spanning five buildings in Three Rivers. Bruce has a degree in
Computer Science and Mathematics from Central Michigan University.
(go Chips! :) Bruce runs Linux, almost exclusively, on all his
PC's at work and home, and runs a lot of Armstrong's networking
services on Linux!
NOTE -
* Must come to three meetings to qualify as a full member.
II. NEXT KLUG MEETING - TUESDAY 12/03/2002
******************************************************************
Linux for Beginners
by Dirk Bartley
THE BEGINNER'S MEETINGS ARE HELD the first Tuesday of each
month. Linux basics and distribution installs are the
lessons of these evenings. If you do want KLUG's FREE help
installing Linux on your computer at one of these meetings,
http://kalamazoolinux.org/meetings/installform.html
Contact the KLUG Installmasters for more information:
installmaster@kalamazoolinux.org
- and -
ORDER YOUR SOFTWARE HERE: http://kalamazoolinux.org/bsware
Now is the time to get started! Linux is becoming a mainstay
of free software, free choice, dependability and power.
===============================================================
THE STANDARD KLUG BEGINNER'S PRESENTATION - LINUX BOOT CAMP!!!
http://kalamazoolinux.org/presentations/beginner01.html
===============================================================
Note:
As Linux matures as an OS, the educational needs are evolving.
The Beginner's Meeting format is changing with those needs.
It is difficult to cover all the basics in one meeting. Linux
is not just for CS experts and IT professionals. The "BASICS"
meetings are intended for those with limited experience with
Operating System's or even Personal Computer's. Your comments
and questions are welcomed!
Dirk Bartley, a WMU graduate, works as a systems
administrator for Schupan Aluminum Sales, a division
of Schupan and Sons. His passion for free software
comes second to spending time with his wife Dawn, an
Upper Peninsula native, and taking Shelly, their
sheltie/terrier mix pound pooch, for a walk. These
interests are only followed by his love of playing
ice hockey.
III. K L U G M A I L I N G L I S T S
*************************************************************
Diversified mailing lists can be found on the KLUG web site.
http://kalamazoolinux.org/listserv/
Facilitated by - John Bridelman listmaster@kalamazoolinux.org
Sign up and participate to serve the Open Source community!!!
IV. K L U G N E W S F L A S H E S ! ! !
==============================================================
KLUG HAS OPEN PRESENTATION DATES AVAILABLE THAT YOU CAN
volunteer to fill right away... 12/10/2002! Look at the
KLUG Presentation Schedule to see the available dates.
Contact Program Director, Adam Williams, immediately if
you can offer your service and knowledge under the Open
Source community obligation of contribution for benefits!
Don't make Dirk give the "NO FREE LUNCH" speech to you!!!
==============================================================
KLUG VOLUNTEERS HELD AN EXTREMELY PRODUCTIVE MEETING ON
Monday night 11/25/2002 at Robert G. Brown's residence and
continued to plot strategies for KLUG growth and a solid Open
Source support organization. Thanks to the many volunteers
who attended the 3 hour session and enjoyed the exciting
synergy that makes Linux and Open Source the WORKABLE MODEL!
==============================================================
YAHOO CONVERTING TO LINUX AND PHP TO DRIVE THEIR WEB SITE!
Another major player making the commitment to Open Source.
==============================================================
GATEWAY ANNOUNCED THAT IT IS OFFERING PC'S WITHOUT OS'S
preloaded. They have joined the growing list of major PC
manufacturers that are recognizing the Linux OS alternative!
Stu Gillis noted that more PC's at the computer shows are
being sold without the proprietary OS that once dominated.
The 11/25/2002 edition of Info World published an article
by Tom Yager (p.34) entitled "SO LONG, WINTEL!" KLUG members
have known this was coming for some time, and as Robert G.
Brown so eloquently noted, "Public awareness lags reality by
approximately 18 months." His observation was very accurate!
www.infoworld.com/articles/op/xml/02/11/25/021125opestrat.xml
This is just one of hundreds of mainstream IT press articles
now acknowledging the candor of Bob's insightful predictions.
==============================================================
OPENOFFICE VER 1.0.1 IS FREEING THE WORKSTATION/DESKTOP SECTOR
from the previous stranglehold of the proprietary office suite
marketers. Open Source is now the obvious choice for everyone!
Freedom for the license fees and limited technology has arrived.
Operating systems, firewalls, web servers, network servers,
office applications, programming tools, publishing formats,
and many other areas have evolved to superior levels because of
the WORKABLE MODEL that the Open Source community established.
Order the KLUG Office CD from BS-Ware and find out for yourself!
Contains Linux & Windows GPL code! kalamazoolinux.org/bsware
==============================================================
JIM EIDEN, PUBLISHER OF THE EIDEN REPORT WEB SITE HAS ATTENDED
the last two KLUG meetings and made a cash and cookie donation
to the organization. Check out - http://www.eidenreport.com
==============================================================
K L U G O F F I C E R
E L E C T I O N S C O M I N G I N J A N U A R Y !!!
* TUESDAY JANUARY 21ST MEETING *
Nominate KLUG Members for Offices! Participate in the Vote.
http://kalamazoolinux.org/organize - for more info -
==============================================================
KLUG "PC SHOW" PUBLIC OUTREACH PROJECT WENT VERY WELL AGAIN!
The big yellow KLUG banner and the lovable TUX penguin were
again proudly displayed on Sunday November 24, 2002 at the
A1SCS COMPUTER SHOW in KALAMAZOO, MI! http://www.a1scs.com
This show was again held at the Kalamazoo County Fairgrounds.
Several dozen BS-Ware and KLUG Office CD's were distributed.
KLUG Shirts, Supporting Memberships, and other Linux related
offerings were made available to the public. To get more info
or to volunteer to help with the next A1SCS event that KLUG
participates in, please contact KLUG Chairperson "Dirk Bartley"
<bartleyd2@net-link.net> or Vice Chairperson "Stu Gillis"
<showperson@kalamazoolinux.org>
==============================================================
V. K L U G C O N T A C T & M E E T I N G I N F O
*************************************************************
MEMBERS AND GUESTS - COME JOIN US FOR A MEETING!!!
http://kalamazoolinux.org/meetings
WE MEET WEEKLY, EACH TUESDAY AT 7:00PM.
Our meeting site is the Kalamazoo Chamber
of Commerce office building downtown.
346 W. Michigan Ave. - Kalamazoo, MI 49007
http://kazoolug.org/meetings/maps.php3 <=== MAP!
CONTACT INFORMATION:
Kalamazoo Linux Users Group, Inc.
6749 South Westnedge Avenue
Suite K-288
Portage MI 49002
e-mail address: chairman@kalamazoolinux.org
web site http://kalamazoolinux.org
Copyright 2002 Kalamazoo Linux Users Group, Inc.
>><< send corrections, additions, flames to the KLUG scribe >><<