Difference between revisions of "Workstation configuration"
Line 1: | Line 1: | ||
== Network configuration == |
== Network configuration == |
||
− | You should get a static IP from the system administrator. Your hostname will be the name of a famous scientist and the domain is |
+ | You should get a static IP from the system administrator. Your hostname will be the name of a famous scientist and the domain is ulb.ac.be. Other relevant addresses are: |
{| border="1" cellpadding="2" cellspacing="0" |
{| border="1" cellpadding="2" cellspacing="0" |
||
Line 45: | Line 45: | ||
164.15.10.255 |
164.15.10.255 |
||
|} |
|} |
||
− | |||
== Firewall configuration == |
== Firewall configuration == |
Revision as of 19:39, 8 November 2004
Network configuration
You should get a static IP from the system administrator. Your hostname will be the name of a famous scientist and the domain is ulb.ac.be. Other relevant addresses are:
Description | IP address |
---|---|
Gateway |
164.15.10.254 |
DNS1 |
134.184.250.7 |
DNS2 |
134.184.15.13 |
You might also need to add the following data, althoug many systems set it automatically:
Description | Value |
---|---|
Network |
164.15.10.0 |
Netmask |
255.255.255.0 |
Broadcast |
164.15.10.255 |
Firewall configuration
Since the computers are available through direct connections from internet you should protect your machine with a firewall. Linux provides an integrated mechanism for accepting or rejecting incoming packets.
If you want to setup a good firewall quickly, you may use the following link : Firewall script generator
How to generate the firewall script ?
Usually, the interface to internet is eth0. You can check your available interfaces
by typing (as root) :
# ifconfig -a
Most of the time, you wish to have an access to the computer, but you still want it to be secure. The best is to disable any inbound service except SSH. The SSH connections are encrypted so that you can safely access to the computer even if someone is tcpdumping your connection.
For the moment, I don't know how to use the Fireparse format. If you know about it just use it. Otherwise you'll have to take a look at the logs (/var/log/syslog) to monitor the possible network problems or attacks.
Now that you have all the necessary informations, you can generate the firewall script. Name this script iptables, give it execution rights (chmod u+x iptables) and put it under the directory /etc/init.d/.
Be aware that the script loads some iptables modules in your kernel. If you have recompiled your kernel then you should ensure that the necessary modules are present. If you have statically linked the code to the kernel then you should remove the modprobe commands in the firewall's script.
Now simply add a symbolic link in the runlevel 2 to this script by typing (as root) :
# ln -s /etc/rc2.d/S12iptables /etc/init.d/iptables
You should adapt the number 12 to your needs. The firewall must be run as early as possible.
For example if telnet services are run before it, an attack is still possible. Be careful about this.
If you want to understand more deeply iptables, you can check the following URLs :
Iptables tutorial and explanations
Setting up a firewall using iptables (in french)
Printer configuration
Name | URL | Model | Location |
---|---|---|---|
Gutenberg |
gutenberg.ulb.ac.be |
HP4100 |
The seminar room |
Meucci |
meucci.ulb.ac.be |
Ricoh Aficio 1290 |
- |
The IRIDIA and the ULB network
The IRIDIA system administrator can create an account on the local subnet for you, however, if you want to have access to some of the computer services of the university, you'll need an account on the university network as well. Ask the secretary for the forms and the process.
Mail configuration
Assuming that you have an account on both the local and the university network the mail settings are as follows:
Service | URL |
---|---|
SMTP |
smtp.ulb.ac.be |
Iridia POP |
iridia.ulb.ac.be |
Iridia IMAP |
iridia.ulb.ac.be |
ULB POP |
pop.ulb.ac.be |
ULB IMAP |
pop.ulb.ac.be |
The SMTP server does not require authentication. The POP and IMAP services of ULB accept unsecure connections (no SSL). The POP and IMAP servers of Iridia require secure connections (with SSL).
There are also web interfaces available to read the email if you can not connect to the above servers via POP or IMAP:
SERVER | URL |
---|---|
ULB |
|
IRIDIA |