* List: alug@stu.uea.ac.uk
BT's ADSL
---------

What do you get?
---------------
1. A permanent internet connection. 2Mb/s download, 256Kb/s upload.
2. Static, masqueraded IP. The addresses used are in the 192.168.*.* range.
3. ADSL shares your phone line with voice traffic. You can use voice and data at the same time.
4. Two wall boxes, each about 10" square and about 1 1/2" deep. One is the analogue/data splitter, the other is a 'modem' that provides a UTP connection to your network. BT also provide a PCI ethernet card (ne2000 clone, RealTek RTL8029 chip) and a cable.
5. Lots of BT 'content servers' that no-one in his right mind would want to look at.
6. Access to the whole internet. BT provide web proxies that you can use.

What do you not get?
-------------------
1. Mail services. You must register with some ISP for that.
2. Usenet.

How do you get it?
-----------------
1. You have to live in the right area.
2. You *must* be running W95/W98. If not, BT won't even talk to you.
3. Connect your web browser to www.btinteractive.com/Registration/. For this site you will need Flash Graphics. BT *say* that you have to be running IE to use their site. I was totally unable to get it to work with IE, but Netscape worked fine. This web site is one of the worst designed and most annoying that I have seen in a long time.
4. Go through the rather long-winded registration process that will include, inter alia, downloading a program (W95/W98) that will examine your machine. You then mail the output of this program back to BT.
5. In due course BT will come and install the equipment in your premises.
6. Use the BT-supplied floppies to configure your W95/W98. Download about 30Mb of other software and install it. You can now get at the BT content services. Apart from access to the BT servers you can ignore all their instructions. For Linux configuration, see below.

Network Config
--------------
You get a 2-bit (4 address) network allocated to you. BT tell you about two of the addresses, but not the other two. The address is of the form 192.168.x.y with a 30-bit netmask.

    192.168.x.y+1 is the BT 'modem'
    192.168.x.y+2 is the address BT tell you to use for your machine
    192.168.x.y+3 is the broadcast address.

192.168.x.y is a spare host address and can be used if you have two machines on your network.
BT's name servers are on 192.168.0.* and 192.168.1.*, so that rather rules out using the 192.168.*.* private address range on your home network. You just don't know who else might be using your addresses and causing conflicts. However you can still use 10.*.*.*.

Routing
-------
In /etc/networks create entries for your local network and for the BT network.

    loopback   127.0.0.0
    localnet   10.0.0.0
    BTnet      192.168.x.y

In /etc/hosts create entries for the BT hosts, e.g.

    192.168.0.18   dns1.BTInteractive.net alderney.BTInteractive.net
    192.168.1.5    dns2.BTInteractive.net
    192.168.x.y+1  gate.BTInteractive

I assume that you have just one ethernet card in your machine. If you have two then it becomes easier to isolate your private network from the public one. At a suitable place in your rc scripts add:

    # Local network: 10.0.0.0/8
    /sbin/ifconfig eth0 10.0.0.1 broadcast 10.255.255.255 netmask 255.0.0.0
    # BT network: the allocated block with its 30-bit netmask
    /sbin/ifconfig eth0:0 192.168.x.y+2 broadcast 192.168.x.y+3 netmask 255.255.255.252
    /sbin/route add -net localnet netmask 255.0.0.0 eth0
    /sbin/route add -net BTnet netmask 255.255.255.252 eth0:0
    # Everything else goes out via the BT 'modem'
    /sbin/route add default netmask 0.0.0.0 gw gate.BTInteractive eth0:0

With two ethernet cards replace eth0:0 by eth1, or vice versa.
In /etc/resolv.conf put:

    nameserver 192.168.0.18
    nameserver 192.168.1.5

Security
--------
You are now directly connected to the internet, so security is a major issue.
Make sure all user accounts have *good* passwords. Use shadow passwords. Run pwck and grpck regularly. Disable system accounts such as bin, sync, daemon etc. by putting an 'x' in the password field of /etc/shadow.
In /etc/inetd.conf comment out the entries for chargen, finger, netstat, systat, bootps and tftp.
Put sensible values in /etc/hosts.deny and /etc/hosts.allow. A good place to start is to put ALL:ALL in hosts.deny and then to enable just those services you want, e.g. smtp, in hosts.allow. When a connection is denied run a script to log the event; for instance, in hosts.deny put the line:

    ALL:ALL:spawn ( /usr/bin/logger -p auth.debug "%a %d %c %h %p %s")&

Implement packet filtering to discard any packets that look suspicious, e.g. those trying to use your machine as a gateway. Also drop any packets addressed to the local net that try to go out through the BT gateway, and any packets from the gateway that purport to come from the local network.
If you are running a private network you may want to nominate one machine as a masquerading gateway so that you can control access more easily.
Update your Samba config to allow connections only to/from the local network.
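
Added example, not part of the original post: one way to write the three packet-filtering checks from the Security section as an iptables-restore ruleset. The choice of iptables, the two-card layout, the interface name eth1 and 10.0.0.0/8 as the local network are assumptions; the function name is hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the two-card layout: BT 'modem' on a real interface
# (eth1 here), local network 10.0.0.0/8 on the other card, and a host that
# is not acting as a masquerading gateway.

# bt_filter_rules BT_IF LAN_NET  -> ruleset on stdout, non-zero on bad input
bt_filter_rules() {
    bt_if=$1
    lan_net=$2
    case $bt_if in
        ''|*:*)
            # Netfilter matches real devices only; an alias such as eth0:0
            # cannot be used with -i/-o, so refuse it rather than emit
            # rules that cannot do their job.
            echo "bt_filter_rules: need a real interface, not '$bt_if'" >&2
            return 1 ;;
    esac
    [ -n "$lan_net" ] || { echo "bt_filter_rules: missing LAN network" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Log (rate-limited) and discard.
-A LOGDROP -m limit --limit 6/min -j LOG --log-prefix "BTfilter drop: "
-A LOGDROP -j DROP
# From the gateway but claiming a local-network source: spoofed.
-A INPUT -i $bt_if -s $lan_net -j LOGDROP
# Local-network traffic must not leave through the BT gateway.
-A OUTPUT -o $bt_if -d $lan_net -j LOGDROP
# Anyone trying to route through this machine: log it, then drop.
-A FORWARD -j LOGDROP
COMMIT
EOF
}

# Print the ruleset for review; to load it, pipe the output to iptables-restore.
bt_filter_rules eth1 10.0.0.0/8
```

With a single card and the eth0:0 alias both networks share eth0, so these interface-based checks cannot tell the two sides apart; that is one more reason to fit the second card. Access to individual services is still left to hosts.allow and hosts.deny.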