From: Nathaniel Grady
To: gentoo-dev@cvs.gentoo.org
Subject: Re: [gentoo-dev] NAT iptables info
Message-ID: <20011004163156.A23796@nutopia.org>
In-Reply-To: <20011004132829.J32329@cvs.gentoo.org>; from drobbins@gentoo.org on Thu, Oct 04, 2001 at 01:28:29PM -0600
Date: Thu Oct 4 14:31:02 2001
X-Original-Date: Thu, 4 Oct 2001 16:31:56 -0400

(note: I haven't really been able to keep up completely with the thread - darn classes getting in the way of important stuff :)

I would have to argue that I believe an OpenBSD-ish secure by default is the best approach. Make the default install very secure - not allowing any sort of insecure password auths (non-SSL FTP, POP3 and IMAP) and the such.
Having config files in portage is a bad idea as it will cause the biggest security hole Windows has - "gee, I pressed a button and it worked so it's good enough." This promotes a lack of understanding about what the user has done and therefore they would have trouble even knowing what exactly they were using to know what patches and security vulnerability reports applied to them. That doesn't mean we should leave a newbie floating. I really think good how-to's are the answer. A website of "how to make an X with Gentoo Linux" sort of thing - step by step documents describing how to make a firewall/NAT appliance with a modem or a cable modem or a DSL line, how to set up secure IMAP and POP servers (SSL that is), how to set up a webserver. I think those three are probably where the biggest number of newbies are going to come from and it would be a waste if each one had to be walked through those first steps individually. The most important aspect of the guides would be *REFERENCES* - eg: "install the certificate by doing.... [see the wonderful guides by john at http://... and the part of the OpenSSL manual at ... and ]." A lot of guides seem to have a list of references at the bottom but I think maybe a lot of newbies are intimidated by "for more info see the homepage of XXX." Instead relevant references to the section of the manual, similar guides written by other projects, etc... (Oh, and including commented example configurations and such is good too - the current Gentoo build doc and such are really good about that already - I think a few more docs along those lines would be good)

For example, looking at http://www.gentoo.org/doc/build.html, under 2. Booting there should be a line "By the way that prompt you're looking at is this program and the docs for it are here.
The ISO was created with isolinux. If you have problems you might want to glance at their respective homepages to see if it's a known bug with your motherboard chipset... or looking at the next section - the real power of HTML is that when it says use modprobe you can have use modprobe! I think that's what's going to help newbies start to learn how to really use Linux and go beyond the Microsoft programmed "gee, I clicked something and it seems to serve webpages now... on to mail serving"

That said I want to say I really think the Gentoo docs are excellent - some of the best I've seen of any distro. And drobbins' articles on developerworks kick ass - really found them useful myself :) The OpenAFS doc I think is a model of how this sort of documentation for "newbies" should be produced. (newbies in quotes as non-newbies like me find it useful as well).

In conclusion my main suggestion is that the current documentation trend (OpenAFS, nvidia) is excellent and the only real change is maybe more hyperlinks to man pages, relevant sections of other guides sprinkled around the guides. If maintainers are interested I'll start looking around suggestions of such links :)

Just my 2 cents

--Nathaniel Grady

ps: if nobody has taken it I'll offer to try and make a "making a simple firewall/nat with Gentoo Linux" oriented to newbies, but I only have a modem so I can't comment much on cable/DSL aside from "change ppp0 to ethX where X is the ethernet adapter your modem is connected to".... really, I can write better than this email would suggest *grin*